Config Connector resources

Config Connector supports the following resources. All Config Connector resources have a Kubernetes API group of cnrm.cloud.google.com.

Google Cloud Resource Config Connector Resource Name
Access Context Manager AccessContextManagerAccessLevel
Access Context Manager AccessContextManagerAccessPolicy
BigQuery BigQueryDataset
BigQuery BigQueryTable
Cloud Bigtable BigtableInstance
Cloud Build CloudBuildTrigger
Compute Engine ComputeAddress
Compute Engine ComputeBackendBucket
Compute Engine ComputeBackendService
Compute Engine ComputeDisk
Compute Engine ComputeExternalVPNGateway
Compute Engine ComputeFirewall
Compute Engine ComputeForwardingRule
Compute Engine ComputeHealthCheck
Compute Engine ComputeHTTPHealthCheck
Compute Engine ComputeHTTPSHealthCheck
Compute Engine ComputeImage
Compute Engine ComputeInstance
Compute Engine ComputeInstanceGroup
Compute Engine ComputeInstanceTemplate
Compute Engine ComputeInterconnectAttachment
Compute Engine ComputeNetwork
Compute Engine ComputeNetworkEndpointGroup
Compute Engine ComputeNetworkPeering
Compute Engine ComputeNodeGroup
Compute Engine ComputeNodeTemplate
Compute Engine ComputeReservation
Compute Engine ComputeResourcePolicy
Compute Engine ComputeRoute
Compute Engine ComputeRouter
Compute Engine ComputeRouterInterface
Compute Engine ComputeRouterNAT
Compute Engine ComputeRouterPeer
Compute Engine ComputeSecurityPolicy
Compute Engine ComputeSharedVPCHostProject
Compute Engine ComputeSharedVPCServiceProject
Compute Engine ComputeSnapshot
Compute Engine ComputeSSLCertificate
Compute Engine ComputeSSLPolicy
Compute Engine ComputeSubnetwork
Compute Engine ComputeTargetHttpProxy
Compute Engine ComputeTargetHttpsProxy
Compute Engine ComputeTargetInstance
Compute Engine ComputeTargetPool
Compute Engine ComputeTargetSslProxy
Compute Engine ComputeTargetTcpProxy
Compute Engine ComputeTargetVPNGateway
Compute Engine ComputeURLMap
Compute Engine ComputeVPNGateway
Compute Engine ComputeVPNTunnel
Dataflow DataflowJob
Cloud DNS DNSManagedZone
Cloud DNS DNSPolicy
Cloud DNS DNSRecordSet
Firestore FirestoreIndex
Google Kubernetes Engine ContainerCluster
Google Kubernetes Engine ContainerNodePool
Cloud Identity and Access Management IAMCustomRole
Cloud Identity and Access Management IAMPolicy
Cloud Identity and Access Management IAMPolicyMember
Cloud Identity and Access Management IAMServiceAccount
Cloud Identity and Access Management IAMServiceAccountKey
Cloud Key Management Service KMSCryptoKey
Cloud Key Management Service KMSKeyRing
Pub/Sub PubSubSubscription
Pub/Sub PubSubTopic
Memorystore RedisInstance
Resource Manager Folder
Resource Manager Project
Service Networking ServiceNetworkingConnection
Service Usage Service
Cloud Source Repositories SourceRepoRepository
Cloud Spanner SpannerDatabase
Cloud Spanner SpannerInstance
Cloud SQL SQLDatabase
Cloud SQL SQLInstance
Cloud SQL SQLUser
Cloud Storage StorageBucket
Cloud Storage StorageBucketAccessControl
Cloud Storage StorageDefaultObjectAccessControl
Cloud Storage StorageNotification
Storage Transfer Service StorageTransferJob

AccessContextManagerAccessLevel

Property Value
Google Cloud Service Name Access Context Manager
Google Cloud Service Documentation /access-context-manager/docs/
Google Cloud REST Resource Name accesscontextmanager/v1/accessLevels
Google Cloud REST Resource Documentation /access-context-manager/docs/reference/rest/v1/accessLevels
Config Connector Resource Short Names gcpaccesscontextmanageraccesslevel
gcpaccesscontextmanageraccesslevels
accesscontextmanageraccesslevel
Config Connector Service Name accesscontextmanager.googleapis.com
Config Connector Resource Fully Qualified Name accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: accesscontextmanager.cnrm.cloud.google.com/v1beta1
kind: AccessContextManagerAccessLevel
metadata:
  annotations:
    # Replace "${ORG_ID}" with the numeric ID for your organization
    cnrm.cloud.google.com/organization-id: "${ORG_ID}"
  name: accesslevelsample
spec:
  accessPolicyRef:
    name: accessleveldep
  title: Config Connector Sample Access Level
  basic:
    conditions:
      - devicePolicy:
          requireCorpOwned: true
      - devicePolicy:
          osConstraints:
          - osType: DESKTOP_CHROME_OS
    combiningFunction: OR
---
apiVersion: accesscontextmanager.cnrm.cloud.google.com/v1beta1
kind: AccessContextManagerAccessPolicy
metadata:
  annotations:
    # Replace "${ORG_ID}" with the numeric ID for your organization
    cnrm.cloud.google.com/organization-id: "${ORG_ID}"
  name: accessleveldep
spec:
  title: Config Connector Access Level Dependency

Custom Resource Definition Properties

Spec

Schema
accessPolicyRef:
  external: string
  name: string
  namespace: string
basic:
  combiningFunction: string
  conditions:
  - devicePolicy:
      allowedDeviceManagementLevels:
      - string
      allowedEncryptionStatuses:
      - string
      osConstraints:
      - minimumVersion: string
        osType: string
      requireAdminApproval: boolean
      requireCorpOwned: boolean
      requireScreenLock: boolean
    ipSubnetworks:
    - string
    members:
    - serviceAccountRef:
        external: string
        name: string
        namespace: string
      user: string
    negate: boolean
    regions:
    - string
    requiredAccessLevels:
    - external: string
      name: string
      namespace: string
description: string
title: string
Fields
Name Description

accessPolicyRef

 

Required

object

The AccessContextManagerAccessPolicy this AccessContextManagerAccessLevel lives in.

accessPolicyRef.external

 

Optional

string

The name of an AccessContextManagerAccessPolicy.

accessPolicyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

accessPolicyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

basic

 

Optional

object

A set of predefined conditions for the access level and a combining function.

basic.combiningFunction

 

Optional

string

How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]

basic.conditions

 

Required*

list (object)

basic.conditions.[]

 

Required*

object

basic.conditions.[].devicePolicy

 

Optional

object

Device-specific restrictions. All restrictions must hold for the Condition to be true. If not specified, all devices are allowed.

basic.conditions.[].devicePolicy.allowedDeviceManagementLevels

 

Optional

list (string)

basic.conditions.[].devicePolicy.allowedDeviceManagementLevels.[]

 

Optional

string

basic.conditions.[].devicePolicy.allowedEncryptionStatuses

 

Optional

list (string)

basic.conditions.[].devicePolicy.allowedEncryptionStatuses.[]

 

Optional

string

basic.conditions.[].devicePolicy.osConstraints

 

Optional

list (object)

basic.conditions.[].devicePolicy.osConstraints.[]

 

Optional

object

basic.conditions.[].devicePolicy.osConstraints.[].minimumVersion

 

Optional

string

The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch" such as "10.5.301", "9.2.1".

basic.conditions.[].devicePolicy.osConstraints.[].osType

 

Required*

string

The operating system type of the device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS"]

basic.conditions.[].devicePolicy.requireAdminApproval

 

Optional

boolean

Whether the device needs to be approved by the customer admin.

basic.conditions.[].devicePolicy.requireCorpOwned

 

Optional

boolean

Whether the device needs to be corp owned.

basic.conditions.[].devicePolicy.requireScreenLock

 

Optional

boolean

Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.

basic.conditions.[].ipSubnetworks

 

Optional

list (string)

basic.conditions.[].ipSubnetworks.[]

 

Optional

string

basic.conditions.[].members

 

Optional

list (object)

An allowed list of members (users, service accounts). Using groups is not supported. The signed-in user originating the request must be a part of one of the provided members. If not specified, a request may come from any user (logged in/not logged in, not present in any groups, etc.).

basic.conditions.[].members.[]

 

Optional

object

An allowed list of members (users, service accounts). Using groups is not supported. The signed-in user originating the request must be a part of one of the provided members. If not specified, a request may come from any user (logged in/not logged in, not present in any groups, etc.).

basic.conditions.[].members.[].serviceAccountRef

 

Optional

object

basic.conditions.[].members.[].serviceAccountRef.external

 

Optional

string

The email of an IAMServiceAccount.

basic.conditions.[].members.[].serviceAccountRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

basic.conditions.[].members.[].serviceAccountRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

basic.conditions.[].members.[].user

 

Optional

string

basic.conditions.[].negate

 

Optional

boolean

Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields; each field must be false for the Condition overall to be satisfied. Defaults to false.

basic.conditions.[].regions

 

Optional

list (string)

basic.conditions.[].regions.[]

 

Optional

string

basic.conditions.[].requiredAccessLevels

 

Optional

list (object)

A list of other access levels defined in the same policy. Referencing an AccessContextManagerAccessLevel which does not exist is an error. All access levels listed must be granted for the condition to be true.

basic.conditions.[].requiredAccessLevels.[]

 

Optional

object

A list of other access levels defined in the same policy. Referencing an AccessContextManagerAccessLevel which does not exist is an error. All access levels listed must be granted for the condition to be true.

basic.conditions.[].requiredAccessLevels.[].external

 

Optional

string

The name of an AccessContextManagerAccessLevel.

basic.conditions.[].requiredAccessLevels.[].name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

basic.conditions.[].requiredAccessLevels.[].namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

 

Optional

string

Description of the AccessLevel and its use. Does not affect behavior.

title

 

Required

string

Human readable title. Must be unique within the Policy.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

AccessContextManagerAccessPolicy

Property Value
Google Cloud Service Name Access Context Manager
Google Cloud Service Documentation /access-context-manager/docs/
Google Cloud REST Resource Name accesscontextmanager/v1/accessPolicies
Google Cloud REST Resource Documentation /access-context-manager/docs/reference/rest/v1/accessPolicies
Config Connector Resource Short Names gcpaccesscontextmanageraccesspolicy
gcpaccesscontextmanageraccesspolicies
accesscontextmanageraccesspolicy
Config Connector Service Name accesscontextmanager.googleapis.com
Config Connector Resource Fully Qualified Name accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: accesscontextmanager.cnrm.cloud.google.com/v1beta1
kind: AccessContextManagerAccessPolicy
metadata:
  annotations:
    # Replace "${ORG_ID}" with the numeric ID for your organization
    cnrm.cloud.google.com/organization-id: "${ORG_ID}"
  name: accesspolicysample
spec:
  title: Config Connector Sample

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/organization-id

Spec

Schema
title: string
Fields
Name Description

title

 

Required

string

Human readable title. Does not affect behavior.

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
name: string
updateTime: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

createTime

string

Time the AccessPolicy was created in UTC.

name

string

Resource name of the AccessPolicy. Format: {policy_id}

updateTime

string

Time the AccessPolicy was updated in UTC.

BigQueryDataset

Property Value
Google Cloud Service Name BigQuery
Google Cloud Service Documentation /bigquery/docs/
Google Cloud REST Resource Name bigquery/v2/datasets
Google Cloud REST Resource Documentation /bigquery/docs/reference/rest/v2/datasets
Config Connector Resource Short Names gcpbigquerydataset
gcpbigquerydatasets
bigquerydataset
Config Connector Service Name bigquery.googleapis.com
Config Connector Resource Fully Qualified Name bigquerydatasets.bigquery.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
kind: BigQueryDataset
metadata:
  annotations:
    cnrm.cloud.google.com/delete-contents-on-destroy: "false"
  name: bigquerydatasetsample
spec:
  defaultTableExpirationMs: 3600000
  description: "BigQuery Dataset Sample"
  friendlyName: bigquerydataset-sample
  location: US

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id
cnrm.cloud.google.com/delete-contents-on-destroy

Spec

Schema
access:
- domain: string
  groupByEmail: string
  role: string
  specialGroup: string
  userByEmail: string
  view:
    datasetId: string
    projectId: string
    tableId: string
defaultEncryptionConfiguration:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
defaultPartitionExpirationMs: integer
defaultTableExpirationMs: integer
description: string
friendlyName: string
location: string
Fields
Name Description

access

 

Optional

list (object)

access.[]

 

Optional

object

access.[].domain

 

Optional

string

A domain to grant access to. Any users signed in with the domain specified will be granted the specified access.

access.[].groupByEmail

 

Optional

string

An email address of a Google Group to grant access to.

access.[].role

 

Optional

string

Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See [official docs](https://cloud.google.com/bigquery/docs/access-control).

access.[].specialGroup

 

Optional

string

A special group to grant access to. Possible values include: * 'projectOwners': Owners of the enclosing project. * 'projectReaders': Readers of the enclosing project. * 'projectWriters': Writers of the enclosing project. * 'allAuthenticatedUsers': All authenticated BigQuery users.

access.[].userByEmail

 

Optional

string

An email address of a user to grant access to. For example: fred@example.com

access.[].view

 

Optional

object

A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation.

access.[].view.datasetId

 

Required*

string

The ID of the dataset containing this table.

access.[].view.projectId

 

Required*

string

The ID of the project containing this table.

access.[].view.tableId

 

Required*

string

The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.

defaultEncryptionConfiguration

 

Optional

object

The default encryption key for all tables in the dataset. Once this property is set, all newly-created partitioned tables in the dataset will have their encryption key set to this value, unless the table creation request (or query) overrides the key.

defaultEncryptionConfiguration.kmsKeyRef

 

Required*

object

Describes the Cloud KMS encryption key that will be used to protect the destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key.

defaultEncryptionConfiguration.kmsKeyRef.external

 

Optional

string

The selfLink of a KMSCryptoKey.

defaultEncryptionConfiguration.kmsKeyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

defaultEncryptionConfiguration.kmsKeyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

defaultPartitionExpirationMs

 

Optional

integer

The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an 'expirationMs' property in the 'timePartitioning' settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value. Setting this property overrides the use of 'defaultTableExpirationMs' for partitioned tables: only one of 'defaultTableExpirationMs' and 'defaultPartitionExpirationMs' will be used for any new partitioned table. If you provide an explicit 'timePartitioning.expirationMs' when creating or updating a partitioned table, that value takes precedence over the default partition expiration time indicated by this property.

defaultTableExpirationMs

 

Optional

integer

The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an 'expirationTime' property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the 'expirationTime' for a given table is reached, that table will be deleted automatically. If a table's 'expirationTime' is modified or removed before the table expires, or if you provide an explicit 'expirationTime' when creating a table, that value takes precedence over the default expiration time indicated by this property.

description

 

Optional

string

A user-friendly description of the dataset.

friendlyName

 

Optional

string

A descriptive name for the dataset.

location

 

Optional

string

The geographic location where the dataset should reside. See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). There are two types of locations, regional or multi-regional. A regional location is a specific geographic place, such as Tokyo, and a multi-regional location is a large geographic area, such as the United States, that contains at least two geographic places. Possible regional values include: 'asia-east1', 'asia-northeast1', 'asia-southeast1', 'australia-southeast1', 'europe-north1', 'europe-west2' and 'us-east4'. Possible multi-regional values: 'EU' and 'US'. The default value is multi-regional location 'US'. Changing this forces a new resource to be created.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTime: integer
etag: string
lastModifiedTime: integer
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTime

integer

The time when this dataset was created, in milliseconds since the epoch.

etag

string

A hash of the resource.

lastModifiedTime

integer

The date when this dataset or any of its tables was last modified, in milliseconds since the epoch.

selfLink

string

BigQueryTable

Property Value
Google Cloud Service Name BigQuery
Google Cloud Service Documentation /bigquery/docs/
Google Cloud REST Resource Name bigquery/v2/tables
Google Cloud REST Resource Documentation /bigquery/docs/reference/rest/v2/tables
Config Connector Resource Short Names gcpbigquerytable
gcpbigquerytables
bigquerytable
Config Connector Service Name bigquery.googleapis.com
Config Connector Resource Fully Qualified Name bigquerytables.bigquery.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
kind: BigQueryDataset
metadata:
  name: bigquerytabledep
spec:
  friendlyName: bigquerytable-dep
---
apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
kind: BigQueryTable
metadata:
  name: bigquerytablesample
  labels:
    data-source: "external"
    schema-type: "auto-junk"
spec:
  description: "BigQuery Sample Table"
  datasetRef:
    name: bigquerytabledep
  friendlyName: bigquerytable-sample
  externalDataConfiguration:
    autodetect: true
    compression: NONE
    ignoreUnknownValues: false
    maxBadRecords: 10
    sourceFormat: CSV
    sourceUris:
      - "gs://gcp-public-data-landsat/LC08/01/044/034/LC08_L1GT_044034_20130330_20170310_01_T2/LC08_L1GT_044034_20130330_20170310_01_T2_ANG.txt"
      - "gs://gcp-public-data-landsat/LC08/01/044/034/LC08_L1GT_044034_20130330_20180201_01_T2/LC08_L1GT_044034_20130330_20180201_01_T2_ANG.txt"

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
clustering:
- string
datasetRef:
  external: string
  name: string
  namespace: string
description: string
encryptionConfiguration:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
expirationTime: integer
externalDataConfiguration:
  autodetect: boolean
  compression: string
  csvOptions:
    allowJaggedRows: boolean
    allowQuotedNewlines: boolean
    encoding: string
    fieldDelimiter: string
    quote: string
    skipLeadingRows: integer
  googleSheetsOptions:
    range: string
    skipLeadingRows: integer
  ignoreUnknownValues: boolean
  maxBadRecords: integer
  sourceFormat: string
  sourceUris:
  - string
friendlyName: string
rangePartitioning:
  field: string
  range:
    end: integer
    interval: integer
    start: integer
schema: string
timePartitioning:
  expirationMs: integer
  field: string
  requirePartitionFilter: boolean
  type: string
view:
  query: string
  useLegacySql: boolean
Fields
Name Description

clustering

 

Optional

list (string)

clustering.[]

 

Optional

string

datasetRef

 

Required

object

datasetRef.external

 

Optional

string

The name of a BigQueryDataset.

datasetRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

datasetRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

 

Optional

string

encryptionConfiguration

 

Optional

object

encryptionConfiguration.kmsKeyRef

 

Required*

object

encryptionConfiguration.kmsKeyRef.external

 

Optional

string

The selfLink of a KMSCryptoKey.

encryptionConfiguration.kmsKeyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

encryptionConfiguration.kmsKeyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

expirationTime

 

Optional

integer

externalDataConfiguration

 

Optional

object

externalDataConfiguration.autodetect

 

Required*

boolean

externalDataConfiguration.compression

 

Optional

string

externalDataConfiguration.csvOptions

 

Optional

object

externalDataConfiguration.csvOptions.allowJaggedRows

 

Optional

boolean

externalDataConfiguration.csvOptions.allowQuotedNewlines

 

Optional

boolean

externalDataConfiguration.csvOptions.encoding

 

Optional

string

externalDataConfiguration.csvOptions.fieldDelimiter

 

Optional

string

externalDataConfiguration.csvOptions.quote

 

Required*

string

externalDataConfiguration.csvOptions.skipLeadingRows

 

Optional

integer

externalDataConfiguration.googleSheetsOptions

 

Optional

object

externalDataConfiguration.googleSheetsOptions.range

 

Optional

string

externalDataConfiguration.googleSheetsOptions.skipLeadingRows

 

Optional

integer

externalDataConfiguration.ignoreUnknownValues

 

Optional

boolean

externalDataConfiguration.maxBadRecords

 

Optional

integer

externalDataConfiguration.sourceFormat

 

Required*

string

externalDataConfiguration.sourceUris

 

Required*

list (string)

externalDataConfiguration.sourceUris.[]

 

Required*

string

friendlyName

 

Optional

string

rangePartitioning

 

Optional

object

rangePartitioning.field

 

Required*

string

rangePartitioning.range

 

Required*

object

rangePartitioning.range.end

 

Required*

integer

rangePartitioning.range.interval

 

Required*

integer

rangePartitioning.range.start

 

Required*

integer

schema

 

Optional

string

timePartitioning

 

Optional

object

timePartitioning.expirationMs

 

Optional

integer

timePartitioning.field

 

Optional

string

timePartitioning.requirePartitionFilter

 

Optional

boolean

timePartitioning.type

 

Required*

string

view

 

Optional

object

view.query

 

Required*

string

view.useLegacySql

 

Optional

boolean

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTime: integer
etag: string
lastModifiedTime: integer
location: string
numBytes: integer
numLongTermBytes: integer
numRows: integer
selfLink: string
type: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTime

integer

etag

string

lastModifiedTime

integer

location

string

numBytes

integer

numLongTermBytes

integer

numRows

integer

selfLink

string

type

string

BigtableInstance

Property Value
Google Cloud Service Name Cloud Bigtable
Google Cloud Service Documentation /bigtable/docs/
Google Cloud REST Resource Name bigtableadmin/v2/projects.instances
Google Cloud REST Resource Documentation /bigtable/docs/reference/admin/rest/v2/projects.instances
Config Connector Resource Short Names gcpbigtableinstance, gcpbigtableinstances, bigtableinstance
Config Connector Service Name bigtableadmin.googleapis.com
Config Connector Resource Fully Qualified Name bigtableinstances.bigtable.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
Supports IAM Conditions No
IAM External Reference Format projects/{{project}}/instances/{{name}}

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: bigtable.cnrm.cloud.google.com/v1beta1
kind: BigtableInstance
metadata:
  name: bigtableinstance-sample
spec:
  displayName: BigtableSample
  instanceType: PRODUCTION
  cluster:
  - clusterId: bigtableinstance-dep1
    zone: us-central1-a
    numNodes: 3
  - clusterId: bigtableinstance-dep2
    zone: us-west1-a
    numNodes: 3

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
cluster:
- clusterId: string
  numNodes: integer
  storageType: string
  zone: string
displayName: string
instanceType: string
Fields
Name Description

cluster

 

Optional

list (object)

cluster.[]

 

Optional

object

cluster.[].clusterId

 

Required*

string

cluster.[].numNodes

 

Optional

integer

cluster.[].storageType

 

Optional

string

cluster.[].zone

 

Required*

string

displayName

 

Optional

string

instanceType

 

Optional

string

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

CloudBuildTrigger

Property Value
Google Cloud Service Name Cloud Build
Google Cloud Service Documentation /cloud-build/docs/
Google Cloud REST Resource Name v1.projects.triggers
Google Cloud REST Resource Documentation /cloud-build/docs/reference/rest/v1/projects.triggers
Config Connector Resource Short Names gcpcloudbuildtrigger, gcpcloudbuildtriggers, cloudbuildtrigger
Config Connector Service Name cloudbuild.googleapis.com
Config Connector Resource Fully Qualified Name cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Build Trigger For Cloud Source Repo

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: cloudbuild.cnrm.cloud.google.com/v1beta1
kind: CloudBuildTrigger
metadata:
  name: cloudbuildtrigger-sample-cloudsourcerepo
spec:
  description: Cloud Build Trigger for building the master branch of the referenced Cloud Source Repository.
  disabled: false
  triggerTemplate:
    repoRef:
      name: cloudbuildtrigger-dep-cloudsourcerepo
    dir: "team-a/service-b"
    branchName: master
  ignoredFiles:
    - "**/*.md"
  includedFiles:
    - "src/**"
  substitutions:
    "_SERVICE_NAME": "service-name"
  build:
    # Note: $PROJECT_ID and $COMMIT_SHA are variables that are expanded by the
    # Cloud Build API when the build is created. More info:
    # https://cloud.google.com/cloud-build/docs/configuring-builds/substitute-variable-values
    images: ["gcr.io/$PROJECT_ID/${_SERVICE_NAME}:$COMMIT_SHA"]
    tags: ["team-a", "service-b"]
    timeout: 1800s
    step:
      - id: "download_zip"
        name: gcr.io/cloud-builders/gsutil
        args: ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"]
        timeout: 300s
      - id: "build_package"
        name: gcr.io/cloud-builders/go
        args: ["build", "my_package"]
        dir: directory
        env:
          - "ENV1=one"
          - "ENV2=two"
        secretEnv:
          - "SECRET_ENV1"
        timeout: 300s
      - id: "build_docker_image"
        name: gcr.io/cloud-builders/docker
        args: ["build", "-t", "gcr.io/$PROJECT_ID/${_SERVICE_NAME}:$COMMIT_SHA", "-f", "Dockerfile", "."]
        timeout: 300s
---
apiVersion: sourcerepo.cnrm.cloud.google.com/v1beta1
kind: SourceRepoRepository
metadata:
  name: cloudbuildtrigger-dep-cloudsourcerepo

Build Trigger For GitHub Repo

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: cloudbuild.cnrm.cloud.google.com/v1beta1
kind: CloudBuildTrigger
metadata:
  name: cloudbuildtrigger-sample-github
spec:
  # Cloud Build Triggers for GitHub repositories require that you first connect
  # your GCP project to your GitHub repository. More info:
  # https://cloud.google.com/cloud-build/docs/automating-builds/create-github-app-triggers
  description: Cloud Build Trigger for building the master branch of the GitHub repository at github.com/owner_name/repo_name
  disabled: false
  github:
    owner: owner_name
    name: repo_name
    push:
      branch: master
  ignoredFiles:
    - "**/*.md"
  includedFiles:
    - "src/**"
  substitutions:
    "_SERVICE_NAME": "service-name"
  build:
    # Note: $PROJECT_ID and $COMMIT_SHA are variables that are expanded by the
    # Cloud Build API when the build is created. More info:
    # https://cloud.google.com/cloud-build/docs/configuring-builds/substitute-variable-values
    images: ["gcr.io/$PROJECT_ID/${_SERVICE_NAME}:$COMMIT_SHA"]
    tags: ["team-a", "service-b"]
    timeout: 1800s
    step:
      - id: "download_zip"
        name: gcr.io/cloud-builders/gsutil
        args: ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"]
        timeout: 300s
      - id: "build_package"
        name: gcr.io/cloud-builders/go
        args: ["build", "my_package"]
        dir: directory
        env:
          - "ENV1=one"
          - "ENV2=two"
        secretEnv:
          - "SECRET_ENV1"
        timeout: 300s
      - id: "build_docker_image"
        name: gcr.io/cloud-builders/docker
        args: ["build", "-t", "gcr.io/$PROJECT_ID/${_SERVICE_NAME}:$COMMIT_SHA", "-f", "Dockerfile", "."]
        timeout: 300s

Build Trigger With Template File

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: cloudbuild.cnrm.cloud.google.com/v1beta1
kind: CloudBuildTrigger
metadata:
  name: cloudbuildtrigger-sample-withtemplatefile
spec:
  description: Cloud Build Trigger with a build template file. Builds the master branch of the referenced Cloud Source Repository.
  disabled: false
  triggerTemplate:
    repoRef:
      name: cloudbuildtrigger-dep-withtemplatefile
    dir: "team-a/service-b"
    branchName: master
  ignoredFiles:
    - "**/*.md"
  includedFiles:
    - "src/**"
  substitutions:
    "_SERVICE_NAME": "service-name"
  filename: "cloudbuild.yaml"
---
apiVersion: sourcerepo.cnrm.cloud.google.com/v1beta1
kind: SourceRepoRepository
metadata:
  name: cloudbuildtrigger-dep-withtemplatefile

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
build:
  images:
  - string
  step:
  - args:
    - string
    dir: string
    entrypoint: string
    env:
    - string
    id: string
    name: string
    secretEnv:
    - string
    timeout: string
    timing: string
    volumes:
    - name: string
      path: string
    waitFor:
    - string
  tags:
  - string
  timeout: string
description: string
disabled: boolean
filename: string
github:
  name: string
  owner: string
  pullRequest:
    branch: string
    commentControl: string
  push:
    branch: string
    tag: string
ignoredFiles:
- string
includedFiles:
- string
substitutions:
  string: string
triggerTemplate:
  branchName: string
  commitSha: string
  dir: string
  repoRef:
    external: string
    name: string
    namespace: string
  tagName: string
Fields
Name Description

build

 

Optional

object

Contents of the build template. Either a filename or build template must be provided.

build.images

 

Optional

list (string)

build.images.[]

 

Optional

string

build.step

 

Required*

list (object)

build.step.[]

 

Required*

object

build.step.[].args

 

Optional

list (string)

build.step.[].args.[]

 

Optional

string

build.step.[].dir

 

Optional

string

Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a 'volume' for that path is specified. If the build specifies a 'RepoSource' with 'dir' and a step with a 'dir', which specifies an absolute path, the 'RepoSource' 'dir' is ignored for the step's execution.

build.step.[].entrypoint

 

Optional

string

Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used.

build.step.[].env

 

Optional

list (string)

build.step.[].env.[]

 

Optional

string

build.step.[].id

 

Optional

string

Unique identifier for this build step, used in 'wait_for' to reference this build step as a dependency.

build.step.[].name

 

Required*

string

The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps (https://github.com/GoogleCloudPlatform/cloud-builders). The Docker daemon will also have cached many of the layers for some popular images, like "ubuntu", "debian", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step.

build.step.[].secretEnv

 

Optional

list (string)

build.step.[].secretEnv.[]

 

Optional

string

build.step.[].timeout

 

Optional

string

Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out.

build.step.[].timing

 

Optional

string

Output only. Stores timing information for executing this build step.

build.step.[].volumes

 

Optional

list (object)

build.step.[].volumes.[]

 

Optional

object

build.step.[].volumes.[].name

 

Required*

string

Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.

build.step.[].volumes.[].path

 

Required*

string

Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.

build.step.[].waitFor

 

Optional

list (string)

build.step.[].waitFor.[]

 

Optional

string

build.tags

 

Optional

list (string)

build.tags.[]

 

Optional

string

build.timeout

 

Optional

string

Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s).

description

 

Optional

string

Human-readable description of the trigger.

disabled

 

Optional

boolean

Whether the trigger is disabled or not. If true, the trigger will never result in a build.

filename

 

Optional

string

Path, from the source root, to a file whose contents are used for the template. Either a filename or build template must be provided.

github

 

Optional

object

Describes the configuration of a trigger that creates a build whenever a GitHub event is received. One of 'trigger_template' or 'github' must be provided.

github.name

 

Optional

string

Name of the repository. For example: The name for https://github.com/googlecloudplatform/cloud-builders is "cloud-builders".

github.owner

 

Optional

string

Owner of the repository. For example: The owner for https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform".

github.pullRequest

 

Optional

object

Filter to match changes in pull requests. Specify only one of pullRequest or push.

github.pullRequest.branch

 

Required*

string

Regex of branches to match.

github.pullRequest.commentControl

 

Optional

string

Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. Possible values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED"]

github.push

 

Optional

object

Filter to match changes in refs, like branches or tags. Specify only one of pullRequest or push.

github.push.branch

 

Optional

string

Regex of branches to match. Specify only one of branch or tag.

github.push.tag

 

Optional

string

Regex of tags to match. Specify only one of branch or tag.

ignoredFiles

 

Optional

list (string)

ignoredFiles.[]

 

Optional

string

includedFiles

 

Optional

list (string)

includedFiles.[]

 

Optional

string

substitutions

 

Optional

map (key: string, value: string)

Substitutions data for Build resource.

triggerTemplate

 

Optional

object

Template describing the types of source changes to trigger a build. Branch and tag names in trigger templates are interpreted as regular expressions. Any branch or tag change that matches that regular expression will trigger a build. One of 'trigger_template' or 'github' must be provided.

triggerTemplate.branchName

 

Optional

string

Name of the branch to build. Exactly one of a branch name, tag, or commit SHA must be provided. This field is a regular expression.

triggerTemplate.commitSha

 

Optional

string

Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.

triggerTemplate.dir

 

Optional

string

Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution.

triggerTemplate.repoRef

 

Optional

object

The Cloud Source Repository to build. If omitted, the repo with name "default" is assumed.

triggerTemplate.repoRef.external

 

Optional

string

The name of a SourceRepoRepository.

triggerTemplate.repoRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

triggerTemplate.repoRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

triggerTemplate.tagName

 

Optional

string

Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. This field is a regular expression.

* Field is required when parent field is specified
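The constraints scattered through the field descriptions above (build versus filename, triggerTemplate versus github, the ref selectors, volume rules and the timeout budget) can be checked before a manifest is applied. The linter below is an added example, not part of Config Connector: its function names are hypothetical, it works on an already-parsed `spec` mapping, and it assumes "either" and "one of" mean exactly one.

```python
import re
from collections import Counter

_DURATION = re.compile(r"^(\d+(?:\.\d+)?)s$")  # "number of seconds followed by s"


def seconds(value):
    """Parse a duration such as "1800s"; return None when the format is wrong."""
    match = _DURATION.match(str(value))
    return float(match.group(1)) if match else None


def present(obj, *keys):
    """Return those of `keys` that carry a non-empty value in `obj`."""
    return [k for k in keys if obj.get(k) not in (None, "", [], {})]


def lint_build(build):
    """Check the inline build template: steps, volumes and the timeout budget."""
    problems, budget, volume_users = [], 0.0, Counter()
    steps = build.get("step") or []
    if not steps:
        problems.append("build.step is required when build is specified")
    for idx, step in enumerate(steps):
        where = f"build.step[{idx}]"
        if not step.get("name"):
            problems.append(f"{where}.name is required")
        step_limit = seconds(step.get("timeout") or "0s")  # unset: no step limit
        if step_limit is None:
            problems.append(f"{where}.timeout is not '<seconds>s'")
        budget += step_limit or 0.0
        volumes = step.get("volumes") or []
        names = [v.get("name") for v in volumes]
        if len(set(names)) != len(names):
            problems.append(f"{where}: volume names must be unique per step")
        problems += [f"{where}: volume path {v.get('path')!r} must be absolute"
                     for v in volumes if not str(v.get("path") or "").startswith("/")]
        volume_users.update(set(names))
    problems += [f"volume {n!r} is used by fewer than two build steps"
                 for n, c in volume_users.items() if c < 2]
    limit = seconds(build.get("timeout") or "600s")  # documented default: 600s
    if limit is None:
        problems.append("build.timeout is not '<seconds>s'")
    elif limit < budget:
        problems.append(f"build.timeout {limit:g}s is below the {budget:g}s sum of step timeouts")
    return problems


def lint_trigger_spec(spec):
    """Return violations of the constraints stated in the field descriptions."""
    problems = []
    if len(present(spec, "build", "filename")) != 1:
        problems.append("set exactly one of build or filename")
    if len(present(spec, "triggerTemplate", "github")) != 1:
        problems.append("set exactly one of triggerTemplate or github")
    github = spec.get("github") or {}
    if len(present(github, "pullRequest", "push")) > 1:
        problems.append("github: specify only one of pullRequest or push")
    if len(present(github.get("push") or {}, "branch", "tag")) > 1:
        problems.append("github.push: specify only one of branch or tag")
    if "pullRequest" in github and not (github["pullRequest"] or {}).get("branch"):
        problems.append("github.pullRequest.branch is required")
    template = spec.get("triggerTemplate")
    if template is not None:
        if len(present(template, "branchName", "tagName", "commitSha")) != 1:
            problems.append("triggerTemplate: set exactly one of branchName, tagName or commitSha")
        if str(template.get("dir") or "").startswith("/"):
            problems.append("triggerTemplate.dir must be a relative path")
    if spec.get("build"):
        problems += lint_build(spec["build"])
    return problems


# Spec of the page's Cloud Source Repo sample, trimmed to the fields checked here.
SAMPLE_SPEC = {
    "triggerTemplate": {"repoRef": {"name": "cloudbuildtrigger-dep-cloudsourcerepo"},
                        "dir": "team-a/service-b", "branchName": "master"},
    "build": {"timeout": "1800s", "step": [
        {"id": "download_zip", "name": "gcr.io/cloud-builders/gsutil", "timeout": "300s"},
        {"id": "build_package", "name": "gcr.io/cloud-builders/go", "timeout": "300s"},
        {"id": "build_docker_image", "name": "gcr.io/cloud-builders/docker",
         "timeout": "300s"}]},
}

# Constructed spec that violates several of the documented constraints at once.
BROKEN_SPEC = {
    "filename": "cloudbuild.yaml",
    "triggerTemplate": {"branchName": "master", "tagName": "v.*", "dir": "/workspace"},
    "github": {"owner": "owner_name", "name": "repo_name",
               "push": {"branch": "master", "tag": "v.*"}},
    "build": {"timeout": "500s", "step": [
        {"id": "compile", "name": "gcr.io/cloud-builders/go", "timeout": "300s",
         "volumes": [{"name": "cache", "path": "cache"}]},
        {"id": "package", "timeout": "300s"}]},
}

if __name__ == "__main__":
    for problem in lint_trigger_spec(BROKEN_SPEC):
        print("VIOLATION:", problem)
```

Steps without a timeout contribute nothing to the budget, matching the description that such a step runs until the build itself times out.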

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
triggerId: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

createTime

string

Time when the trigger was created.

triggerId

string

The unique identifier for the trigger.

ComputeAddress

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.addresses, v1.globalAddresses
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/globalAddresses, /compute/docs/reference/rest/v1/addresses
Config Connector Resource Short Names gcpcomputeaddress, gcpcomputeaddresses, computeaddress
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeaddresses.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

ComputeAddress can manage both global and regional addresses. To manage a global ComputeAddress, use a value of global in the spec.location field. To manage a regional ComputeAddress, use a region name in the spec.location field.

Sample YAML(s)

Global Compute Address

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computeaddress-sample-global
  labels:
    label-one: "value-one"
spec:
  addressType: INTERNAL
  description: a test global address
  location: global
  ipVersion: IPV4
  purpose: VPC_PEERING
  prefixLength: 16
  networkRef:
    name: computeaddress-dep-global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeaddress-dep-global
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false

Regional Compute Address

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computeaddress-sample-regional
  labels:
    label-one: "value-one"
spec:
  addressType: INTERNAL
  description: a test regional address
  location: us-central1
  ipVersion: IPV6
  subnetworkRef:
    name: computeaddress-dep-regional
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeaddress-dep-regional
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  name: computeaddress-dep-regional
spec:
  ipCidrRange: 10.2.0.0/16
  region: us-central1
  networkRef:
    name: computeaddress-dep-regional

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
address: string
addressType: string
description: string
ipVersion: string
location: string
networkRef:
  external: string
  name: string
  namespace: string
networkTier: string
prefixLength: integer
purpose: string
subnetworkRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

address

 

Optional

string

The static external IP address represented by this resource. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any.

addressType

 

Optional

string

The type of address to reserve. Default value: "EXTERNAL". Possible values: ["INTERNAL", "EXTERNAL"]

description

 

Optional

string

An optional description of this resource.

ipVersion

 

Optional

string

The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: ["IPV4", "IPV6"]

location

 

Required

string

Location represents the geographical location of the ComputeAddress. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)

networkRef

 

Optional

object

The network in which to reserve the IP range. The IP range must be in the RFC1918 space. The network cannot be deleted if there are any reserved IP ranges referring to it. This should only be set when using an Internal address.

networkRef.external

 

Optional

string

The name of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

networkTier

 

Optional

string

The networking tier used for configuring this address. If this field is not specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]

prefixLength

 

Optional

integer

The prefix length of the IP range. If not present, it means the address field is a single IP address. This field is not applicable to addresses with addressType=EXTERNAL.

purpose

 

Optional

string

The purpose of this resource, which can be one of the following values: GCE_ENDPOINT, for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. This should only be set when using an Internal address. Possible values: ["GCE_ENDPOINT"]

subnetworkRef

 

Optional

object

The subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes.

subnetworkRef.external

 

Optional

string

The name of a ComputeSubnetwork.

subnetworkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

subnetworkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
labelFingerprint: string
selfLink: string
users:
- string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

selfLink

string

users

list (string)

users.[]

string

ComputeBackendBucket

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.backendBucket
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/backendBucket
Config Connector Resource Short Names gcpcomputebackendbucket, gcpcomputebackendbuckets, computebackendbucket
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computebackendbuckets.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Basic Backend Bucket

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendBucket
metadata:
  name: computebackendbucket-sample-basic
  labels:
    label-one: "value-one"
spec:
  bucketRef:
    name: ${PROJECT_ID?}-backendbucket-dep-basic
  description: contains a reference to a bucket for use with HTTP(S) load-balancing
---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
  name: ${PROJECT_ID?}-backendbucket-dep-basic

Cdn Enabled Backend Bucket

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendBucket
metadata:
  name: computebackendbucket-sample-cdnenabled
  labels:
    label-one: "value-one"
spec:
  bucketRef:
    name: ${PROJECT_ID?}-backendbucket-dep-cdn
  description: contains a reference to a bucket for use with HTTP(S) load-balancing and integrated CDN, caching on endpoints for only 1/10th the default time
  enableCdn: true
  cdnPolicy:
    signedUrlCacheMaxAgeSec: 360

apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
  name: ${PROJECT_ID?}-backendbucket-dep-cdn

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
bucketRef:
  external: string
  name: string
  namespace: string
cdnPolicy:
  signedUrlCacheMaxAgeSec: integer
description: string
enableCdn: boolean
Fields
Name Description

bucketRef
Required, object
Reference to the bucket.

bucketRef.external
Optional, string
The name of a StorageBucket.

bucketRef.name
Optional, string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

bucketRef.namespace
Optional, string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

cdnPolicy
Optional, object
Cloud CDN configuration for this Backend Bucket.

cdnPolicy.signedUrlCacheMaxAgeSec
Required*, integer
Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.

description
Optional, string
An optional textual description of the resource; provided by the client when the resource is created.

enableCdn
Optional, boolean
If true, enable Cloud CDN for this BackendBucket.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

selfLink
string

ComputeBackendService

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.backendServices, v1.regionBackendServices
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/backendServices, /compute/docs/reference/rest/v1/regionBackendServices
Config Connector Resource Short Names gcpcomputebackendservice, gcpcomputebackendservices, computebackendservice
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computebackendservices.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

ComputeBackendService can manage both global and regional backend services. To manage a global ComputeBackendService, use a value of global in the spec.location field. To manage a regional ComputeBackendService, use a region name in the spec.location field.

Sample YAML(s)

External Load Balancing Backend Service

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computebackendservice-sample-externalloadbalancing
spec:
  description: External backend service with cookie-based session affinity.
  portName: cookie-cloud
  timeoutSec: 30
  healthChecks:
  - healthCheckRef:
      name: computebackendservice-dep-externalloadbalancing
  loadBalancingScheme: EXTERNAL
  location: global
  protocol: HTTPS
  affinityCookieTtlSec: 360
  connectionDrainingTimeoutSec: 60
  securityPolicyRef:
    name: computebackendservice-dep-externalloadbalancing
  sessionAffinity: GENERATED_COOKIE
  customRequestHeaders:
  - "Trailer: custom-trailer"
  logConfig:
    enable: true
    sampleRate: 0.5
  backend:
  - balancingMode: RATE
    capacityScaler: 1
    description: A network endpoint group serving this backend with all its available capacity, as calculated by number of simultaneous connections.
    maxRatePerEndpoint: 10
    group:
      networkEndpointGroupRef:
        name: computebackendservice-dep-externalloadbalancing

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computebackendservice-dep-externalloadbalancing
spec:
  httpsHealthCheck:
    port: 443
  location: global

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceGroup
metadata:
  name: computebackendservice-dep-externalloadbalancing
spec:
  namedPort:
  - name: cookie-cloud
    port: 8444
  zone: us-central1-a
  networkRef:
    name: computebackendservice-dep-externalloadbalancing

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computebackendservice-dep-externalloadbalancing
spec:
  routingMode: GLOBAL

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetworkEndpointGroup
metadata:
  name: computebackendservice-dep-externalloadbalancing
spec:
  networkRef:
    name: computebackendservice-dep-externalloadbalancing
  location: us-west1-a

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSecurityPolicy
metadata:
  name: computebackendservice-dep-externalloadbalancing
spec:
  rule:
  - action: deny(403)
    priority: 2147483647
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - "*"

Internal Managed Load Balancing Backend Service

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computebackendservice-sample-internalmanagedloadbalancing
spec:
  description: Internal managed backend service with Maglev session affinity.
  localityLbPolicy: MAGLEV
  timeoutSec: 86400
  consistentHash:
    httpHeaderName: "Hash string"
  healthChecks:
  - healthCheckRef:
      name: computebackendservice-dep-internalmanagedloadbalancing
  loadBalancingScheme: INTERNAL_MANAGED
  location: us-east1
  protocol: HTTP
  connectionDrainingTimeoutSec: 10
  sessionAffinity: HEADER_FIELD
  circuitBreakers:
    connectTimeout:
      nanos: 999999999
      seconds: 0
    maxConnections: 1024
    maxPendingRequests: 1024
    maxRequests: 1024
    maxRequestsPerConnection: 1
    maxRetries: 3
  logConfig:
    enable: false
  outlierDetection:
    consecutiveGatewayFailure: 5
    enforcingConsecutiveErrors: 100
    enforcingSuccessRate: 100
    successRateMinimumHosts: 5
    successRateRequestVolume: 100
    baseEjectionTime:
      nanos: 999999999
      seconds: 29
    consecutiveErrors: 5
    enforcingConsecutiveGatewayFailure: 0
    interval:
      nanos: 999999999
      seconds: 9
    maxEjectionPercent: 10
    successRateStdevFactor: 1900
  backend:
  - balancingMode: RATE
    capacityScaler: 0.9
    description: An instance group serving this backend with 90% of its capacity, as calculated by requests per second.
    maxRate: 10000
    group:
      instanceGroupRef:
        name: computebackendservice-dep-internalmanagedloadbalancing

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computebackendservice-dep-internalmanagedloadbalancing
spec:
  httpHealthCheck:
    port: 80
  location: global

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceGroup
metadata:
  name: computebackendservice-dep-internalmanagedloadbalancing
spec:
  zone: us-east1-c
  networkRef:
    name: computebackendservice-dep-internalmanagedloadbalancing

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computebackendservice-dep-internalmanagedloadbalancing
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
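
The field reference on this page states several constraints for ComputeBackendService: which capacity field each balancing mode needs, value ranges, backend group rules, and the two mutually exclusive sources for the IAP client secret. The linter below is an added example, not part of Config Connector or the original page; it takes manifests already parsed into dicts, and the function names, `PAGE_SAMPLE`, `BROKEN` and every value in `BROKEN` are constructed for illustration.

```python
# Added example: lint ComputeBackendService manifests (already parsed into
# dicts, e.g. from YAML) against constraints stated in the field reference.
ONE_DAY_SEC = 86400  # "The maximum allowed value for TTL is one day."
RATE_LIMITS = ("maxRate", "maxRatePerInstance", "maxRatePerEndpoint")
CONN_LIMITS = ("maxConnections", "maxConnectionsPerInstance",
               "maxConnectionsPerEndpoint")


def _lint_backends(spec, findings):
    """Per-backend rules: capacity limits, value ranges, group references."""
    kinds, seen_instance_groups = set(), set()
    for i, backend in enumerate(spec.get("backend") or []):
        where = f"backend[{i}]"
        mode = backend.get("balancingMode", "UTILIZATION")  # documented default
        for name, limits in (("RATE", RATE_LIMITS), ("CONNECTION", CONN_LIMITS)):
            if mode == name and not any(k in backend for k in limits):
                findings.append(f"{where}: {name} mode needs one of "
                                f"{', '.join(limits)}")
        for field in ("capacityScaler", "maxUtilization"):
            value = backend.get(field)
            if value is not None and not 0.0 <= value <= 1.0:
                findings.append(f"{where}.{field}: valid range is [0.0, 1.0]")
        group = backend.get("group") or {}
        if not group:
            findings.append(f"{where}.group: required for every backend")
        kinds.update(k for k in group if k.endswith("Ref"))
        ig = group.get("instanceGroupRef")
        if ig:
            key = ig.get("external") or (ig.get("namespace"), ig.get("name"))
            if key in seen_instance_groups:
                findings.append(f"{where}: instance group used by two backends")
            seen_instance_groups.add(key)
    if len(kinds) > 1:
        findings.append("backend: cannot mix instance groups and NEGs")


def _lint_iap(spec, findings):
    """IAP needs a client ID and exactly one source for the client secret."""
    iap = spec.get("iap")
    if iap is None:
        return
    if not iap.get("oauth2ClientId"):
        findings.append("iap.oauth2ClientId: required when iap is set")
    secret = iap.get("oauth2ClientSecret") or {}
    if "value" in secret and "valueFrom" in secret:
        findings.append("iap.oauth2ClientSecret: value and valueFrom are exclusive")
    elif not secret:
        findings.append("iap.oauth2ClientSecret: required when iap is set")
    if "value" in secret:
        findings.append("iap.oauth2ClientSecret.value: secret is inline in the "
                        "manifest; reference a Secret via valueFrom.secretKeyRef")


def lint_backend_service(manifest):
    """Return findings for one manifest; an empty list means no rule fired."""
    findings = []
    if manifest.get("kind") != "ComputeBackendService":
        return findings
    spec = manifest.get("spec") or {}
    if not spec.get("location"):
        findings.append("location: required")
    if len(spec.get("healthChecks") or []) != 1:
        findings.append("healthChecks: exactly one health check is required")
    ttl = spec.get("affinityCookieTtlSec")
    if ttl is not None and not 0 <= ttl <= ONE_DAY_SEC:
        findings.append(f"affinityCookieTtlSec: must be 0..{ONE_DAY_SEC}")
    _lint_backends(spec, findings)
    _lint_iap(spec, findings)
    return findings


DEP = "computebackendservice-dep-externalloadbalancing"  # name used by the page
# Trimmed copy of the page's external load balancing sample.
PAGE_SAMPLE = {"kind": "ComputeBackendService", "spec": {
    "location": "global", "loadBalancingScheme": "EXTERNAL",
    "affinityCookieTtlSec": 360, "sessionAffinity": "GENERATED_COOKIE",
    "healthChecks": [{"healthCheckRef": {"name": DEP}}],
    "backend": [{"balancingMode": "RATE", "capacityScaler": 1,
                 "maxRatePerEndpoint": 10,
                 "group": {"networkEndpointGroupRef": {"name": DEP}}}],
}}

# Constructed manifest breaking several rules; all names are hypothetical.
BROKEN = {"kind": "ComputeBackendService", "spec": {
    "location": "global", "affinityCookieTtlSec": 172800, "healthChecks": [],
    "iap": {"oauth2ClientId": "example-client-id",
            "oauth2ClientSecret": {"value": "example-not-a-real-secret"}},
    "backend": [
        {"balancingMode": "RATE", "capacityScaler": 1.5,
         "group": {"instanceGroupRef": {"name": "ig-a"}}},
        {"balancingMode": "CONNECTION", "maxConnections": 100,
         "group": {"networkEndpointGroupRef": {"name": "neg-a"}}},
    ],
}}

if __name__ == "__main__":
    for label, manifest in (("page sample", PAGE_SAMPLE), ("broken", BROKEN)):
        print(label, lint_backend_service(manifest) or "ok")
```

Running such a check in CI before `kubectl apply` catches an inline `iap.oauth2ClientSecret.value` before it is committed to a repository in plaintext.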

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
affinityCookieTtlSec: integer
backend:
- balancingMode: string
  capacityScaler: float
  description: string
  group:
    instanceGroupRef:
      external: string
      name: string
      namespace: string
    networkEndpointGroupRef:
      external: string
      name: string
      namespace: string
  maxConnections: integer
  maxConnectionsPerEndpoint: integer
  maxConnectionsPerInstance: integer
  maxRate: integer
  maxRatePerEndpoint: float
  maxRatePerInstance: float
  maxUtilization: float
cdnPolicy:
  cacheKeyPolicy:
    includeHost: boolean
    includeProtocol: boolean
    includeQueryString: boolean
    queryStringBlacklist:
    - string
    queryStringWhitelist:
    - string
  signedUrlCacheMaxAgeSec: integer
circuitBreakers:
  connectTimeout:
    nanos: integer
    seconds: integer
  maxConnections: integer
  maxPendingRequests: integer
  maxRequests: integer
  maxRequestsPerConnection: integer
  maxRetries: integer
connectionDrainingTimeoutSec: integer
consistentHash:
  httpCookie:
    name: string
    path: string
    ttl:
      nanos: integer
      seconds: integer
  httpHeaderName: string
  minimumRingSize: integer
customRequestHeaders:
- string
description: string
enableCdn: boolean
failoverPolicy:
  disableConnectionDrainOnFailover: boolean
  dropTrafficIfUnhealthy: boolean
  failoverRatio: float
healthChecks:
- healthCheckRef:
    external: string
    name: string
    namespace: string
  httpHealthCheckRef:
    external: string
    name: string
    namespace: string
iap:
  oauth2ClientId: string
  oauth2ClientSecret:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  oauth2ClientSecretSha256: string
loadBalancingScheme: string
localityLbPolicy: string
location: string
logConfig:
  enable: boolean
  sampleRate: float
networkRef:
  external: string
  name: string
  namespace: string
outlierDetection:
  baseEjectionTime:
    nanos: integer
    seconds: integer
  consecutiveErrors: integer
  consecutiveGatewayFailure: integer
  enforcingConsecutiveErrors: integer
  enforcingConsecutiveGatewayFailure: integer
  enforcingSuccessRate: integer
  interval:
    nanos: integer
    seconds: integer
  maxEjectionPercent: integer
  successRateMinimumHosts: integer
  successRateRequestVolume: integer
  successRateStdevFactor: integer
portName: string
protocol: string
securityPolicyRef:
  external: string
  name: string
  namespace: string
sessionAffinity: string
timeoutSec: integer
Fields
Name Description

affinityCookieTtlSec
Optional, integer
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.

backend
Optional, list (object)

backend.[]
Optional, object

backend.[].balancingMode
Optional, string
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL). Default value: "UTILIZATION". Possible values: ["UTILIZATION", "RATE", "CONNECTION"]

backend.[].capacityScaler
Optional, float
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. Valid range is [0.0, 1.0].

backend.[].description
Optional, string
An optional description of this resource. Provide this property when you create the resource.

backend.[].group
Required*, object
Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup resource. In the case of an instance group, this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use the same Instance Group resource. For Network Endpoint Groups, this defines the list of endpoints. All endpoints of a Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. When the 'load_balancing_scheme' is INTERNAL, only instance groups are supported.

backend.[].group.instanceGroupRef
Optional, object

backend.[].group.instanceGroupRef.external
Optional, string
The selfLink of a ComputeInstanceGroup.

backend.[].group.instanceGroupRef.name
Optional, string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backend.[].group.instanceGroupRef.namespace
Optional, string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

backend.[].group.networkEndpointGroupRef
Optional, object

backend.[].group.networkEndpointGroupRef.external
Optional, string
The selfLink of a ComputeNetworkEndpointGroup.

backend.[].group.networkEndpointGroupRef.name
Optional, string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backend.[].group.networkEndpointGroupRef.namespace
Optional, string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

backend.[].maxConnections
Optional, integer
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.

backend.[].maxConnectionsPerEndpoint
Optional, integer
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.

backend.[].maxConnectionsPerInstance
Optional, integer
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.

backend.[].maxRate
Optional, integer
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.

backend.[].maxRatePerEndpoint
Optional, float
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.

backend.[].maxRatePerInstance
Optional, float
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.

backend.[].maxUtilization
Optional, float
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0].

cdnPolicy
Optional, object
Cloud CDN configuration for this BackendService.

cdnPolicy.cacheKeyPolicy
Optional, object
The CacheKeyPolicy for this CdnPolicy.

cdnPolicy.cacheKeyPolicy.includeHost
Optional, boolean
If true, requests to different hosts will be cached separately.

cdnPolicy.cacheKeyPolicy.includeProtocol
Optional, boolean
If true, http and https requests will be cached separately.

cdnPolicy.cacheKeyPolicy.includeQueryString
Optional, boolean
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.

cdnPolicy.cacheKeyPolicy.queryStringBlacklist
Optional, list (string)

cdnPolicy.cacheKeyPolicy.queryStringBlacklist.[]
Optional, string

cdnPolicy.cacheKeyPolicy.queryStringWhitelist
Optional, list (string)

cdnPolicy.cacheKeyPolicy.queryStringWhitelist.[]
Optional, string

cdnPolicy.signedUrlCacheMaxAgeSec
Optional, integer
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.

circuitBreakers
Optional, object
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.

circuitBreakers.connectTimeout
Optional, object
The timeout for new network connections to hosts.

circuitBreakers.connectTimeout.nanos
Optional, integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

circuitBreakers.connectTimeout.seconds
Required*, integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.

circuitBreakers.maxConnections
Optional, integer
The maximum number of connections to the backend cluster. Defaults to 1024.

circuitBreakers.maxPendingRequests
Optional, integer
The maximum number of pending requests to the backend cluster. Defaults to 1024.

circuitBreakers.maxRequests
Optional, integer
The maximum number of parallel requests to the backend cluster. Defaults to 1024.

circuitBreakers.maxRequestsPerConnection
Optional, integer
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.

circuitBreakers.maxRetries
Optional, integer
The maximum number of parallel retries to the backend cluster. Defaults to 3.

connectionDrainingTimeoutSec
Optional, integer
Time for which an instance will be drained (it accepts no new connections, but still works to finish those already started).

consistentHash
Optional, object
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH.

consistentHash.httpCookie
Optional, object
Hash is based on HTTP Cookie. This field describes an HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE.

consistentHash.httpCookie.name
Optional, string
Name of the cookie.

consistentHash.httpCookie.path
Optional, string
Path to set for the cookie.

consistentHash.httpCookie.ttl
Optional, object
Lifetime of the cookie.

consistentHash.httpCookie.ttl.nanos
Optional, integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

consistentHash.httpCookie.ttl.seconds
Required*, integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.

consistentHash.httpHeaderName
Optional, string
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.

consistentHash.minimumRingSize
Optional, integer
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.

customRequestHeaders
Optional, list (string)

customRequestHeaders.[]
Optional, string

description
Optional, string
An optional description of this resource.

enableCdn
Optional, boolean
If true, enable Cloud CDN for this BackendService.

failoverPolicy
Optional, object
Policy for failovers.

failoverPolicy.disableConnectionDrainOnFailover
Optional, boolean
On failover or failback, this field indicates whether connection drain will be honored. Setting this to true has the following effect: connections to the old active pool are not drained. Connections to the new active pool use the timeout of 10 min (currently fixed). Setting to false has the following effect: both old and new connections will have a drain timeout of 10 min. This can be set to true only if the protocol is TCP. The default is false.

failoverPolicy.dropTrafficIfUnhealthy
Optional, boolean
This option is used only when no healthy VMs are detected in the primary and backup instance groups. When set to true, traffic is dropped. When set to false, new connections are sent across all VMs in the primary group. The default is false.

failoverPolicy.failoverRatio
Optional, float
The value of the field must be in [0, 1]. If the ratio of the healthy VMs in the primary backend is at or below this number, traffic arriving at the load-balanced IP will be directed to the failover backend. In the case where 'failoverRatio' is not set or all the VMs in the backup backend are unhealthy, the traffic will be directed back to the primary backend in the "force" mode, where traffic will be spread to the healthy VMs with the best effort, or to all VMs when no VM is healthy. This field is only used with l4 load balancing.

healthChecks
Required, list (object)
The health check resources for health checking this ComputeBackendService. Currently at most one health check can be specified, and a health check is required.

healthChecks.[]
Required, object
The health check resources for health checking this ComputeBackendService. Currently at most one health check can be specified, and a health check is required.

healthChecks.[].healthCheckRef
Optional, object

healthChecks.[].healthCheckRef.external
Optional, string
The selfLink of a ComputeHealthCheck.

healthChecks.[].healthCheckRef.name
Optional, string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

healthChecks.[].healthCheckRef.namespace
Optional, string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

healthChecks.[].httpHealthCheckRef
Optional, object

healthChecks.[].httpHealthCheckRef.external
Optional, string
The name of a ComputeHTTPHealthCheck.

healthChecks.[].httpHealthCheckRef.name
Optional, string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

healthChecks.[].httpHealthCheckRef.namespace
Optional, string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

iap
Optional, object
Settings for enabling Cloud Identity Aware Proxy.

iap.oauth2ClientId
Required*, string
OAuth2 Client ID for IAP.

iap.oauth2ClientSecret
Required*, object
OAuth2 Client Secret for IAP.

iap.oauth2ClientSecret.value
Optional, string
Value of the field. Cannot be used if 'valueFrom' is specified.

iap.oauth2ClientSecret.valueFrom
Optional, object
Source for the field's value. Cannot be used if 'value' is specified.

iap.oauth2ClientSecret.valueFrom.secretKeyRef
Optional, object
Reference to a value with the given key in the given Secret in the resource's namespace.

iap.oauth2ClientSecret.valueFrom.secretKeyRef.key
Required*, string
Key that identifies the value to be extracted.

iap.oauth2ClientSecret.valueFrom.secretKeyRef.name
Required*, string
Name of the Secret to extract a value from.

iap.oauth2ClientSecretSha256
Optional, string
OAuth2 Client Secret SHA-256 for IAP.

loadBalancingScheme

 

Optional

string

Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. Default value: "EXTERNAL". Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"]

localityLbPolicy

 

Optional

string

The load balancing algorithm used within the scope of the locality. The possible values are:
- ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
- LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
- RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
- RANDOM: The load balancer selects a random healthy host.
- ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
- MAGLEV: Used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]

location

 

Required

string

Location represents the geographical location of the ComputeBackendService. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)

logConfig

 

Optional

object

This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver.

logConfig.enable

 

Optional

boolean

Whether to enable logging for the load balancer traffic served by this backend service.

logConfig.sampleRate

 

Optional

float

This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.

networkRef

 

Optional

object

The network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL.

networkRef.external

 

Optional

string

The selfLink of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

outlierDetection

 

Optional

object

Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.

outlierDetection.baseEjectionTime

 

Optional

object

The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s.

outlierDetection.baseEjectionTime.nanos

 

Optional

integer

Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive.

outlierDetection.baseEjectionTime.seconds

 

Required*

integer

Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.

outlierDetection.consecutiveErrors

 

Optional

integer

Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.

outlierDetection.consecutiveGatewayFailure

 

Optional

integer

The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.

outlierDetection.enforcingConsecutiveErrors

 

Optional

integer

The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.

outlierDetection.enforcingConsecutiveGatewayFailure

 

Optional

integer

The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.

outlierDetection.enforcingSuccessRate

 

Optional

integer

The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.

outlierDetection.interval

 

Optional

object

Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds.

outlierDetection.interval.nanos

 

Optional

integer

Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 'seconds' field and a positive 'nanos' field. Must be from 0 to 999,999,999 inclusive.

outlierDetection.interval.seconds

 

Required*

integer

Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.

outlierDetection.maxEjectionPercent

 

Optional

integer

Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.

outlierDetection.successRateMinimumHosts

 

Optional

integer

The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.

outlierDetection.successRateRequestVolume

 

Optional

integer

The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.

outlierDetection.successRateStdevFactor

 

Optional

integer

This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.

portName

 

Optional

string

Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.

protocol

 

Optional

string

The protocol this BackendService uses to communicate with backends. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL"]

securityPolicyRef

 

Optional

object

The security policy associated with this backend service.

securityPolicyRef.external

 

Optional

string

The selfLink of a ComputeSecurityPolicy.

securityPolicyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

securityPolicyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sessionAffinity

 

Optional

string

Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]

timeoutSec

 

Optional

integer

How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400].

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
fingerprint: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

fingerprint

string

Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.

selfLink

string

ComputeDisk

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.disks, v1.regionDisks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/disks, /compute/docs/reference/rest/v1/regionDisks
Config Connector Resource Short Names gcpcomputedisk, gcpcomputedisks, computedisk
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computedisks.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

ComputeDisk can manage both zonal and regional disks. To manage a zonal or regional disk, in the spec.location field use the name of a zone or region respectively.

Sample YAML(s)

Regional Compute Disk

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computedisk-dep-regional
spec:
  location: us-west1-c
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computedisk-sample-regional
  labels:
    extra-gb: "100"
spec:
  description: A 600GB regional disk from a 500GB snapshot.
  location: us-central1
  replicaZones:
    - "us-central1-a"
    - "us-central1-f"
  size: 600
  physicalBlockSizeBytes: 16384
  snapshotRef:
    name: computedisk-dep-regional
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSnapshot
metadata:
  name: computedisk-dep-regional
spec:
  sourceDiskRef:
    name: computedisk-dep-regional
  zone: us-west1-c

Zonal Compute Disk

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computedisk-sample-zonal
  labels:
    label-one: "value-one"
spec:
  description: a sample encrypted, blank disk
  diskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computedisk-dep-zonal
          key: sharedSecret
  physicalBlockSizeBytes: 4096
  size: 1
  type: pd-ssd
  location: us-west1-c
---
apiVersion: v1
kind: Secret
metadata:
  name: computedisk-dep-zonal
stringData:
  sharedSecret: "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
diskEncryptionKey:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
  rawKey:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  sha256: string
imageRef:
  external: string
  name: string
  namespace: string
location: string
physicalBlockSizeBytes: integer
replicaZones:
- string
resourcePolicies:
- external: string
  name: string
  namespace: string
size: integer
snapshotRef:
  external: string
  name: string
  namespace: string
sourceImageEncryptionKey:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
  rawKey: string
  sha256: string
sourceSnapshotEncryptionKey:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
  rawKey: string
  sha256: string
type: string
Fields
Name Description

description

 

Optional

string

An optional description of this resource. Provide this property when you create the resource.

diskEncryptionKey

 

Optional

object

Encrypts the disk using a customer-supplied encryption key. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of the disk. If you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later.

diskEncryptionKey.kmsKeyRef

 

Optional

object

The encryption key used to encrypt the disk. Your project's Compute Engine System service account ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

diskEncryptionKey.kmsKeyRef.external

 

Optional

string

The selfLink of a KMSCryptoKey.

diskEncryptionKey.kmsKeyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

diskEncryptionKey.kmsKeyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

diskEncryptionKey.rawKey

 

Optional

object

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

diskEncryptionKey.rawKey.value

 

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

diskEncryptionKey.rawKey.valueFrom

 

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

diskEncryptionKey.rawKey.valueFrom.secretKeyRef

 

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

diskEncryptionKey.rawKey.valueFrom.secretKeyRef.key

 

Required*

string

Key that identifies the value to be extracted.

diskEncryptionKey.rawKey.valueFrom.secretKeyRef.name

 

Required*

string

Name of the Secret to extract a value from.

diskEncryptionKey.sha256

 

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

imageRef

 

Optional

object

The image from which to initialize this disk.

imageRef.external

 

Optional

string

The selfLink of a ComputeImage.

imageRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

imageRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

location

 

Required

string

Location represents the geographical location of the ComputeDisk. Specify a region name or a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)

physicalBlockSizeBytes

 

Optional

integer

Physical block size of the persistent disk, in bytes. If not present in a request, a default value is used. Currently supported sizes are 4096 and 16384; other sizes may be added in the future. If an unsupported value is requested, the error message will list the supported values for the caller's project.

replicaZones

 

Optional

list (string)

replicaZones.[]

 

Optional

string

resourcePolicies

 

Optional

list (object)

Resource policies applied to this disk for automatic snapshot creations.

resourcePolicies.[]

 

Optional

object

Resource policies applied to this disk for automatic snapshot creations.

resourcePolicies.[].external

 

Optional

string

The selfLink of a ComputeResourcePolicy.

resourcePolicies.[].name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

resourcePolicies.[].namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

size

 

Optional

integer

Size of the persistent disk, specified in GB. You can specify this field when creating a persistent disk using the 'image' or 'snapshot' parameter, or specify it alone to create an empty persistent disk. If you specify this field along with 'image' or 'snapshot', the value must not be less than the size of the image or the size of the snapshot.

snapshotRef

 

Optional

object

The source snapshot used to create this disk.

snapshotRef.external

 

Optional

string

The selfLink of a ComputeSnapshot.

snapshotRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

snapshotRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceImageEncryptionKey

 

Optional

object

The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.

sourceImageEncryptionKey.kmsKeyRef

 

Optional

object

The encryption key used to encrypt the disk. Your project's Compute Engine System service account ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

sourceImageEncryptionKey.kmsKeyRef.external

 

Optional

string

The selfLink of a KMSCryptoKey.

sourceImageEncryptionKey.kmsKeyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sourceImageEncryptionKey.kmsKeyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceImageEncryptionKey.rawKey

 

Optional

string

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

sourceImageEncryptionKey.sha256

 

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

sourceSnapshotEncryptionKey

 

Optional

object

The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.

sourceSnapshotEncryptionKey.kmsKeyRef

 

Optional

object

The encryption key used to encrypt the disk. Your project's Compute Engine System service account ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

sourceSnapshotEncryptionKey.kmsKeyRef.external

 

Optional

string

The selfLink of a KMSCryptoKey.

sourceSnapshotEncryptionKey.kmsKeyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sourceSnapshotEncryptionKey.kmsKeyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceSnapshotEncryptionKey.rawKey

 

Optional

string

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

sourceSnapshotEncryptionKey.sha256

 

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

type

 

Optional

string

URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk.

* Field is required when parent field is specified
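
The key-handling constraints in the fields above ('value' and 'valueFrom' are mutually exclusive, secretKeyRef needs both key and name, and a raw key is RFC 4648 base64 for 256 bits) can be checked before a manifest is applied. The lint below is an added example, not Config Connector code; the function names, the finding strings and the decision to flag inline key material are assumptions of this example, and manifests are passed in as already-parsed dicts.

```python
import base64
import binascii

CSEK_BYTES = 32  # the field description specifies a 256-bit key


def key_problem(b64_text):
    """Return why b64_text is not base64 for exactly 32 bytes, or None if it is."""
    if not isinstance(b64_text, str):
        return "is not a string"
    try:
        raw = base64.b64decode(b64_text, validate=True)
    except (binascii.Error, ValueError):
        return "is not valid RFC 4648 base64"
    if len(raw) != CSEK_BYTES:
        return f"decodes to {len(raw)} bytes, expected {CSEK_BYTES}"
    return None


def audit_compute_disk(manifest, secrets=None):
    """Lint the customer-supplied key fields of one parsed ComputeDisk manifest.

    secrets is an optional {secret name: {key: plain value}} map (the Secret's
    stringData) used to length-check keys referenced through secretKeyRef.
    Returns a list of findings; an empty list means nothing was flagged.
    """
    findings = []
    spec = manifest.get("spec") or {}

    raw_key = (spec.get("diskEncryptionKey") or {}).get("rawKey")
    if isinstance(raw_key, dict):
        path = "spec.diskEncryptionKey.rawKey"
        if "value" in raw_key and "valueFrom" in raw_key:
            findings.append(f"{path}: 'value' and 'valueFrom' cannot both be set")
        if "value" in raw_key:
            # Assumption of this example: inline key material is worth flagging.
            findings.append(f"{path}.value: key material is inline in the manifest")
            problem = key_problem(raw_key["value"])
            if problem:
                findings.append(f"{path}.value: {problem}")
        if "valueFrom" in raw_key:
            ref = (raw_key["valueFrom"] or {}).get("secretKeyRef") or {}
            for field in ("key", "name"):
                if not ref.get(field):
                    findings.append(f"{path}.valueFrom.secretKeyRef.{field}: required")
            stored = (secrets or {}).get(ref.get("name"), {}).get(ref.get("key"))
            if stored is not None:
                problem = key_problem(stored)
                if problem:
                    findings.append(f"Secret {ref['name']}/{ref['key']}: {problem}")

    # On the source image/snapshot keys the schema makes rawKey a plain string,
    # so there is no valueFrom form and the key always sits in the manifest.
    for parent in ("sourceImageEncryptionKey", "sourceSnapshotEncryptionKey"):
        value = (spec.get(parent) or {}).get("rawKey")
        if value is not None:
            findings.append(f"spec.{parent}.rawKey: key material is inline in the manifest")
            problem = key_problem(value)
            if problem:
                findings.append(f"spec.{parent}.rawKey: {problem}")
    return findings


# The page's "Zonal Compute Disk" sample and its Secret, as parsed dicts.
PAGE_DISK = {
    "kind": "ComputeDisk",
    "spec": {
        "diskEncryptionKey": {"rawKey": {"valueFrom": {"secretKeyRef": {
            "name": "computedisk-dep-zonal", "key": "sharedSecret"}}}},
        "location": "us-west1-c",
    },
}
PAGE_SECRETS = {"computedisk-dep-zonal": {
    "sharedSecret": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="}}

# Constructed manifest (not from the page) that breaks the documented constraints.
CONSTRUCTED_BAD_DISK = {
    "kind": "ComputeDisk",
    "spec": {
        "diskEncryptionKey": {"rawKey": {
            "value": "c2hvcnQ=",  # base64 of a 5-byte string, too short
            "valueFrom": {"secretKeyRef": {"name": "constructed-secret"}}}},
        "sourceSnapshotEncryptionKey": {"rawKey": "not base64!"},
    },
}

if __name__ == "__main__":
    print(audit_compute_disk(PAGE_DISK, PAGE_SECRETS))
    for finding in audit_compute_disk(CONSTRUCTED_BAD_DISK):
        print(finding)
```
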

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
labelFingerprint: string
lastAttachTimestamp: string
lastDetachTimestamp: string
selfLink: string
sourceImageId: string
sourceSnapshotId: string
users:
- string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

lastAttachTimestamp

string

Last attach timestamp in RFC3339 text format.

lastDetachTimestamp

string

Last detach timestamp in RFC3339 text format.

selfLink

string

sourceImageId

string

The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.

sourceSnapshotId

string

The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used.

users

list (string)

users.[]

string

ComputeExternalVPNGateway

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name beta.externalVpnGateways
Google Cloud REST Resource Documentation /compute/docs/reference/rest/beta/externalVpnGateways
Config Connector Resource Short Names gcpcomputeexternalvpngateway, gcpcomputeexternalvpngateways, computeexternalvpngateway
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeexternalvpngateways.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeExternalVPNGateway
metadata:
  name: computeexternalvpngateway-sample
  labels:
    label-one: "value-one"
spec:
  description: an external vpn gateway
  redundancyType: "SINGLE_IP_INTERNALLY_REDUNDANT"
  interface:
    - id: 0
      ipAddress: "8.8.8.8"

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
interface:
- id: integer
  ipAddress: string
redundancyType: string
Fields
Name Description

description

 

Optional

string

An optional description of this resource.

interface

 

Optional

list (object)

interface.[]

 

Optional

object

interface.[].id

 

Optional

integer

The numeric ID for this interface. Allowed values are based on the redundancy type of this external VPN gateway:
- 0 for SINGLE_IP_INTERNALLY_REDUNDANT
- 0, 1 for TWO_IPS_REDUNDANCY
- 0, 1, 2, 3 for FOUR_IPS_REDUNDANCY

interface.[].ipAddress

 

Optional

string

IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider’s VPN gateway; it cannot be an IP address from Google Compute Engine.

redundancyType

 

Optional

string

Indicates the redundancy type of this external VPN gateway. Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", "TWO_IPS_REDUNDANCY"]

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

selfLink

string

ComputeFirewall

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.firewalls
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/firewalls
Config Connector Resource Short Names gcpcomputefirewall, gcpcomputefirewalls, computefirewall
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computefirewalls.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Allow Rule Firewall

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeFirewall
metadata:
  labels:
    label-one: "value-one"
  name: computefirewall-sample-allow
spec:
  allow:
    - protocol: tcp
      ports:
       - "80"
       - "1000-2000"
  networkRef:
    name: computefirewall-dep-allow
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computefirewall-dep-allow
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false

Deny Rule Firewall

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeFirewall
metadata:
  labels:
    label-one: "value-one"
  name: computefirewall-sample-deny
spec:
  deny:
    - protocol: icmp
  networkRef:
    name: computefirewall-dep-deny
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computefirewall-dep-deny
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
allow:
- ports:
  - string
  protocol: string
deny:
- ports:
  - string
  protocol: string
description: string
destinationRanges:
- string
direction: string
disabled: boolean
enableLogging: boolean
networkRef:
  external: string
  name: string
  namespace: string
priority: integer
sourceRanges:
- string
sourceServiceAccounts:
- external: string
  name: string
  namespace: string
sourceTags:
- string
targetServiceAccounts:
- external: string
  name: string
  namespace: string
targetTags:
- string
Fields
Name Description

allow

 

Optional

list (object)

allow.[]

 

Optional

object

allow.[].ports

 

Optional

list (string)

allow.[].ports.[]

 

Optional

string

allow.[].protocol

 

Required*

string

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can be either one of the following well-known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip) or the IP protocol number.

deny

 

Optional

list (object)

deny.[]

 

Optional

object

deny.[].ports

 

Optional

list (string)

deny.[].ports.[]

 

Optional

string

deny.[].protocol

 

Required*

string

The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can be either one of the following well-known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip) or the IP protocol number.

description

 

Optional

string

An optional description of this resource. Provide this property when you create the resource.

destinationRanges

 

Optional

list (string)

destinationRanges.[]

 

Optional

string

direction

 

Optional

string

Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, it is NOT supported to specify destinationRanges; For EGRESS traffic, it is NOT supported to specify sourceRanges OR sourceTags. Possible values: ["INGRESS", "EGRESS"]

disabled

 

Optional

boolean

Denotes whether the firewall rule is disabled, i.e. not applied to the network it is associated with. When set to true, the firewall rule is not enforced and the network behaves as if the rule did not exist. If this is unspecified, the firewall rule will be enabled.

enableLogging

 

Optional

boolean

This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.

networkRef

 

Required

object

The network to attach this firewall to.

networkRef.external

 

Optional

string

The name of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

priority

 

Optional

integer

Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. A lower priority value implies higher precedence (e.g., a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority.

sourceRanges

 

Optional

list (string)

sourceRanges.[]

 

Optional

string

sourceServiceAccounts

 

Optional

list (object)

If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has a source IP address within sourceRanges OR whose source IP belongs to an instance with a service account listed in sourceServiceAccounts. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.

sourceServiceAccounts.[]

 

Optional

object

If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has a source IP address within sourceRanges OR whose source IP belongs to an instance with a service account listed in sourceServiceAccounts. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.

sourceServiceAccounts.[].external

 

Optional

string

The email of an IAMServiceAccount.

sourceServiceAccounts.[].name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sourceServiceAccounts.[].namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceTags

 

Optional

list (string)

sourceTags.[]

 

Optional

string

targetServiceAccounts

 

Optional

list (object)

A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.

targetServiceAccounts.[]

 

Optional

object

A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.

targetServiceAccounts.[].external

 

Optional

string

The email of an IAMServiceAccount.

targetServiceAccounts.[].name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

targetServiceAccounts.[].namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

targetTags

 

Optional

list (string)

targetTags.[]

 

Optional

string

* Field is required when parent field is specified
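The constraints stated in the ComputeFirewall field descriptions above (direction, service accounts versus tags, priority range and precedence) can be checked before a manifest is applied. The following is an added example, not Config Connector code: the function names and the constructed specs are assumptions, and specs are plain dicts such as a YAML loader would produce.

```python
"""Lint ComputeFirewall specs against the constraints in the field table."""

VALID_DIRECTIONS = {"INGRESS", "EGRESS"}
DEFAULT_PRIORITY = 1000  # "When not specified, the value assumed is 1000."


def lint_firewall_spec(spec):
    """Return the list of documented constraints that `spec` violates."""
    problems = []
    if not spec.get("networkRef"):
        problems.append("networkRef is required")

    # protocol is required whenever an allow/deny entry is present.
    for action in ("allow", "deny"):
        for i, entry in enumerate(spec.get(action, [])):
            if not entry.get("protocol"):
                problems.append(f"{action}[{i}].protocol is required")

    direction = spec.get("direction", "INGRESS")  # default is INGRESS
    if direction not in VALID_DIRECTIONS:
        problems.append(f"direction {direction!r} is not INGRESS or EGRESS")
    if direction == "INGRESS" and spec.get("destinationRanges"):
        problems.append("INGRESS rules cannot set destinationRanges")
    if direction == "EGRESS":
        for field in ("sourceRanges", "sourceTags"):
            if spec.get(field):
                problems.append(f"EGRESS rules cannot set {field}")

    # Service accounts and tags are mutually exclusive selectors.
    for sa_field in ("sourceServiceAccounts", "targetServiceAccounts"):
        if spec.get(sa_field):
            for tag_field in ("sourceTags", "targetTags"):
                if spec.get(tag_field):
                    problems.append(f"{sa_field} cannot be combined with {tag_field}")

    priority = spec.get("priority", DEFAULT_PRIORITY)
    if isinstance(priority, bool) or not isinstance(priority, int) \
            or not 0 <= priority <= 65535:
        problems.append("priority must be an integer between 0 and 65535")
    return problems


def applies_to_all_instances(spec):
    """True when neither targetServiceAccounts nor targetTags narrows the rule."""
    return not spec.get("targetServiceAccounts") and not spec.get("targetTags")


def winning_rule(rules):
    """Name of the rule that decides traffic matched by every rule in `rules`.

    Assumes all rules are on the same network and match the same packet.
    Disabled rules are skipped, the lowest priority number wins, and DENY
    beats ALLOW at equal priority.
    """
    enforced = [r for r in rules if not r["spec"].get("disabled", False)]
    if not enforced:
        return None

    def precedence(rule):
        spec = rule["spec"]
        return (spec.get("priority", DEFAULT_PRIORITY), 0 if spec.get("deny") else 1)

    return min(enforced, key=precedence)["name"]


# The two sample specs from this page.
ALLOW_SAMPLE = {"allow": [{"protocol": "tcp", "ports": ["80", "1000-2000"]}],
                "networkRef": {"name": "computefirewall-dep-allow"}}
DENY_SAMPLE = {"deny": [{"protocol": "icmp"}],
               "networkRef": {"name": "computefirewall-dep-deny"}}

# Constructed spec that breaks several documented constraints at once.
BAD_SPEC = {"direction": "EGRESS", "allow": [{"ports": ["22"]}],
            "sourceRanges": ["10.0.0.0/8"], "sourceTags": ["web"],
            "targetServiceAccounts": [{"name": "example-sa"}], "priority": 70000}

# Constructed rules, assumed to match the same traffic on one network.
CONSTRUCTED_RULES = [
    {"name": "allow-web", "spec": {"allow": [{"protocol": "tcp"}]}},
    {"name": "deny-web", "spec": {"deny": [{"protocol": "tcp"}], "priority": 1000}},
    {"name": "allow-override", "spec": {"allow": [{"protocol": "tcp"}], "priority": 900}},
    {"name": "deny-disabled", "spec": {"deny": [{"protocol": "tcp"}], "priority": 0,
                                       "disabled": True}},
]

if __name__ == "__main__":
    for problem in lint_firewall_spec(BAD_SPEC):
        print("violation:", problem)
    print("all instances targeted:", applies_to_all_instances(ALLOW_SAMPLE))
    print("deciding rule:", winning_rule(CONSTRUCTED_RULES))
```

Both sample rules on this page set neither targetTags nor targetServiceAccounts, so each applies to every instance on its network.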

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

selfLink

string

ComputeForwardingRule

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.forwardingRules, v1.globalForwardingRules
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/forwardingRules, /compute/docs/reference/rest/v1/globalForwardingRules
Config Connector Resource Short Names gcpcomputeforwardingrule, gcpcomputeforwardingrules, computeforwardingrule
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeforwardingrules.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

ComputeForwardingRule can manage both global and regional forwarding rules. To manage a global ComputeForwardingRule, use a value of global in the spec.location field. To manage a regional ComputeForwardingRule, use a region name in the spec.location field.

Sample YAML(s)

Global Forwarding Rule

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computeforwardingrule-dep-global
spec:
  healthChecks:
    - healthCheckRef:
        name: computeforwardingrule-dep-global
  location: global

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computeforwardingrule-sample-global
spec:
  description: "A global forwarding rule"
  target:
    targetHTTPProxyRef:
      name: computeforwardingrule-dep-global
  portRange: "80"
  ipProtocol: "TCP"
  ipVersion: "IPV4"
  location: global

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computeforwardingrule-dep-global
spec:
  checkIntervalSec: 10
  httpHealthCheck:
    port: 80
  location: global

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetHTTPProxy
metadata:
  name: computeforwardingrule-dep-global
spec:
  urlMapRef:
    name: computeforwardingrule-dep-global
  location: global

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
  name: computeforwardingrule-dep-global
spec:
  defaultService:
    backendServiceRef:
      name: computeforwardingrule-dep-global
  location: global

Regional Forwarding Rule

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computeforwardingrule-dep-regional
  labels:
    label-one: "value-one"
spec:
  location: us-central1

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computeforwardingrule-sample-regional
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computeforwardingrule-dep-regional
  ipProtocol: "ESP"
  location: us-central1
  ipAddress:
    addressRef:
      name: computeforwardingrule-dep-regional

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeforwardingrule-dep-regional
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetVPNGateway
metadata:
  name: computeforwardingrule-dep-regional
spec:
  description: a regional target vpn gateway
  region: us-central1
  networkRef:
    name: computeforwardingrule-dep-regional

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
allPorts: boolean
allowGlobalAccess: boolean
backendServiceRef:
  external: string
  name: string
  namespace: string
description: string
ipAddress:
  addressRef:
    external: string
    name: string
    namespace: string
  ip: string
ipProtocol: string
ipVersion: string
isMirroringCollector: boolean
loadBalancingScheme: string
location: string
metadataFilters:
- filterLabels:
  - name: string
    value: string
  filterMatchCriteria: string
networkRef:
  external: string
  name: string
  namespace: string
networkTier: string
portRange: string
ports:
- string
serviceLabel: string
subnetworkRef:
  external: string
  name: string
  namespace: string
target:
  targetHTTPProxyRef:
    external: string
    name: string
    namespace: string
  targetHTTPSProxyRef:
    external: string
    name: string
    namespace: string
  targetVPNGatewayRef:
    external: string
    name: string
    namespace: string
Fields
Name Description

allPorts

 

Optional

boolean

For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL and protocol is TCP/UDP), set this to true to allow packets addressed to any ports to be forwarded to the backends configured with this forwarding rule. Used with backend service. Cannot be set if port or portRange are set.

allowGlobalAccess

 

Optional

boolean

If true, clients can access the ILB from all regions. Otherwise, access is allowed only from the region in which the ILB is located.

backendServiceRef

 

Optional

object

A ComputeBackendService to receive the matched traffic. This is used only for internal load balancing.

backendServiceRef.external

 

Optional

string

The selfLink of a ComputeBackendService.

backendServiceRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backendServiceRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

 

Optional

string

An optional description of this resource. Provide this property when you create the resource.

ipAddress

 

Optional

object

The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule.

ipAddress.addressRef

 

Optional

object

ipAddress.addressRef.external

 

Optional

string

The address of a ComputeAddress.

ipAddress.addressRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

ipAddress.addressRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

ipAddress.ip

 

Optional

string

ipProtocol

 

Optional

string

The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL, only TCP and UDP are valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]

ipVersion

 

Optional

string

The IP Version that will be used by this global forwarding rule. Possible values: ["IPV4", "IPV6"]

isMirroringCollector

 

Optional

boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

loadBalancingScheme

 

Optional

string

This signifies what the ForwardingRule will be used for and can be EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic Cloud VPN gateways, protocol forwarding to VMs from an external IP address, and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. INTERNAL is used for protocol forwarding to VMs from an internal IP address, and internal TCP/UDP load balancers. INTERNAL_MANAGED is used for internal HTTP(S) load balancers. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL", "INTERNAL_MANAGED"]

location

 

Required

string

Location represents the geographical location of the ComputeForwardingRule. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)

metadataFilters

 

Optional

list (object)

metadataFilters.[]

 

Optional

object

metadataFilters.[].filterLabels

 

Required*

list (object)

metadataFilters.[].filterLabels.[]

 

Required*

object

metadataFilters.[].filterLabels.[].name

 

Required*

string

Name of the metadata label. The length must be between 1 and 1024 characters, inclusive.

metadataFilters.[].filterLabels.[].value

 

Required*

string

The value that the label must match. The value has a maximum length of 1024 characters.

metadataFilters.[].filterMatchCriteria

 

Required*

string

Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"]

networkRef

 

Optional

object

This field is not used for external load balancing. For internal load balancing, this field identifies the network that the load balanced IP should belong to for this forwarding rule. If this field is not specified, the default network will be used.

networkRef.external

 

Optional

string

The name of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

networkTier

 

Optional

string

The networking tier used for configuring this address. If this field is not specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]

portRange

 

Optional

string

This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. It is applicable only when IPProtocol is TCP, UDP, or SCTP; only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports:
* TargetHttpProxy: 80, 8080
* TargetHttpsProxy: 443
* TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
* TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
* TargetVpnGateway: 500, 4500

ports

 

Optional

list (string)

ports.[]

 

Optional

string

serviceLabel

 

Optional

string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

subnetworkRef

 

Optional

object

The subnetwork that the load balanced IP should belong to for this forwarding rule. This field is only used for internal load balancing. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified.

subnetworkRef.external

 

Optional

string

The name of a ComputeSubnetwork.

subnetworkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

subnetworkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target

 

Optional

object

The target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid.

target.targetHTTPProxyRef

 

Optional

object

target.targetHTTPProxyRef.external

 

Optional

string

The selfLink of a ComputeTargetHTTPProxy.

target.targetHTTPProxyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetHTTPProxyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetHTTPSProxyRef

 

Optional

object

target.targetHTTPSProxyRef.external

 

Optional

string

The selfLink of a ComputeTargetHTTPSProxy.

target.targetHTTPSProxyRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetHTTPSProxyRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetVPNGatewayRef

 

Optional

object

target.targetVPNGatewayRef.external

 

Optional

string

The selfLink of a ComputeTargetVPNGateway.

target.targetVPNGatewayRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetVPNGatewayRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

* Field is required when parent field is specified
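The portRange description above carries two checks that are easy to miss in review: per-target port constraints, and the requirement that rules sharing an [IPAddress, IPProtocol] pair have disjoint ranges. The following is an added example, not Config Connector code: the function names and the constructed-* rules are assumptions, and the "low-high" range syntax is assumed to match the firewall ports sample on this page.

```python
"""Check ComputeForwardingRule portRange values for target and overlap problems."""
from itertools import combinations

# Port constraints from the portRange description, limited to the three
# target references that appear in this resource's schema.
TARGET_PORTS = {
    "targetHTTPProxyRef": {80, 8080},
    "targetHTTPSProxyRef": {443},
    "targetVPNGatewayRef": {500, 4500},
}
PORT_PROTOCOLS = {"TCP", "UDP", "SCTP"}  # portRange applies only to these


def parse_port_range(text):
    """Parse "80" or "1000-2000" into an inclusive (low, high) tuple."""
    low, _, high = text.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port range {text!r}")
    return low, high


def address_key(name, spec):
    """Identify the [IPAddress, IPProtocol] pair a rule serves, per location."""
    ip = spec.get("ipAddress", {})
    ref = ip.get("addressRef", {})
    address = ip.get("ip") or ref.get("external") or ref.get("name")
    if address is None:
        # No address given: an ephemeral one is assigned, unique to this rule.
        address = f"ephemeral:{name}"
    return (spec.get("location"), address, spec.get("ipProtocol"))


def check_rule(name, spec):
    """Return portRange problems for a single rule."""
    problems = []
    port_range = spec.get("portRange")
    if port_range is None:
        return problems
    protocol = spec.get("ipProtocol")
    if protocol is not None and protocol not in PORT_PROTOCOLS:
        problems.append(f"{name}: portRange does not apply to ipProtocol {protocol}")
    if spec.get("allPorts"):
        problems.append(f"{name}: allPorts cannot be set together with portRange")
    try:
        low, high = parse_port_range(port_range)
    except ValueError as err:
        return problems + [f"{name}: {err}"]
    for ref, allowed in TARGET_PORTS.items():
        if ref in spec.get("target", {}) and \
                any(port not in allowed for port in range(low, high + 1)):
            problems.append(f"{name}: portRange {port_range} includes ports "
                            f"not accepted by {ref} (allowed: {sorted(allowed)})")
    return problems


def find_overlaps(rules):
    """Return name pairs that share an address key and overlap in portRange."""
    ranged = []
    for name, spec in rules.items():
        try:
            ranged.append((name, address_key(name, spec),
                           parse_port_range(spec["portRange"])))
        except (KeyError, ValueError):
            continue  # no portRange, or one already reported by check_rule
    return [(n1, n2)
            for (n1, k1, (lo1, hi1)), (n2, k2, (lo2, hi2)) in combinations(ranged, 2)
            if k1 == k2 and lo1 <= hi2 and lo2 <= hi1]


def audit(rules):
    """All per-rule problems followed by one line per overlapping pair."""
    problems = [p for name, spec in rules.items() for p in check_rule(name, spec)]
    problems += [f"{a} and {b}: overlapping portRange on the same address and protocol"
                 for a, b in find_overlaps(rules)]
    return problems


SHARED_IP = {"addressRef": {"name": "shared-ip"}}  # constructed address reference
RULES = {
    # The two sample specs from this page.
    "computeforwardingrule-sample-global": {
        "target": {"targetHTTPProxyRef": {"name": "computeforwardingrule-dep-global"}},
        "portRange": "80", "ipProtocol": "TCP", "ipVersion": "IPV4",
        "location": "global"},
    "computeforwardingrule-sample-regional": {
        "target": {"targetVPNGatewayRef": {"name": "computeforwardingrule-dep-regional"}},
        "ipProtocol": "ESP", "location": "us-central1",
        "ipAddress": {"addressRef": {"name": "computeforwardingrule-dep-regional"}}},
    # Constructed rules that trip the checks.
    "constructed-http": {
        "target": {"targetHTTPProxyRef": {"name": "proxy-a"}}, "portRange": "8080",
        "ipProtocol": "TCP", "location": "global", "ipAddress": SHARED_IP},
    "constructed-https": {
        "target": {"targetHTTPSProxyRef": {"name": "proxy-b"}}, "portRange": "443-8080",
        "ipProtocol": "TCP", "location": "global", "ipAddress": SHARED_IP},
    "constructed-vpn": {
        "target": {"targetVPNGatewayRef": {"name": "gw"}}, "portRange": "500",
        "ipProtocol": "ESP", "location": "us-central1"},
}

if __name__ == "__main__":
    for line in audit(RULES):
        print(line)
```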

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
labelFingerprint: string
selfLink: string
serviceName: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

selfLink

string

serviceName

string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

ComputeHealthCheck

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.healthChecks, v1.regionHealthChecks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/healthChecks, /compute/docs/reference/rest/v1/regionHealthChecks
Config Connector Resource Short Names gcpcomputehealthcheck, gcpcomputehealthchecks, computehealthcheck
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computehealthchecks.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

ComputeHealthCheck can manage both global and regional health checks. To manage a global ComputeHealthCheck, use a value of global in the spec.location field. To manage a regional ComputeHealthCheck, use a region name in the spec.location field.

Sample YAML(s)

Global Health Check

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computehealthcheck-sample-global
spec:
  checkIntervalSec: 10
  httpHealthCheck:
    port: 80
  location: global

Regional Health Check

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computehealthcheck-sample-regional
spec:
  checkIntervalSec: 10
  httpHealthCheck:
    port: 80
  location: us-central1

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
checkIntervalSec: integer
description: string
healthyThreshold: integer
http2HealthCheck:
  host: string
  port: integer
  portName: string
  portSpecification: string
  proxyHeader: string
  requestPath: string
  response: string
httpHealthCheck:
  host: string
  port: integer
  portName: string
  portSpecification: string
  proxyHeader: string
  requestPath: string
  response: string
httpsHealthCheck:
  host: string
  port: integer
  portName: string
  portSpecification: string
  proxyHeader: string
  requestPath: string
  response: string
location: string
logConfig:
  enable: boolean
sslHealthCheck:
  port: integer
  portName: string
  portSpecification: string
  proxyHeader: string
  request: string
  response: string
tcpHealthCheck:
  port: integer
  portName: string
  portSpecification: string
  proxyHeader: string
  request: string
  response: string
timeoutSec: integer
unhealthyThreshold: integer
Fields
Name Description

checkIntervalSec
Optional, integer
How often (in seconds) to send a health check. The default value is 5 seconds.

description
Optional, string
An optional description of this resource. Provide this property when you create the resource.

healthyThreshold
Optional, integer
A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.

http2HealthCheck
Optional, object
A nested object resource

http2HealthCheck.host
Optional, string
The value of the host header in the HTTP2 health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

http2HealthCheck.port
Optional, integer
The TCP port number for the HTTP2 health check request. The default value is 443.

http2HealthCheck.portName
Optional, string
Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence.

http2HealthCheck.portSpecification
Optional, string
Specifies how port is selected for health checking. Can be one of the following values:
* 'USE_FIXED_PORT': The port number in 'port' is used for health checking.
* 'USE_NAMED_PORT': The 'portName' is used for health checking.
* 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking.
If not specified, HTTP2 health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]

http2HealthCheck.proxyHeader
Optional, string
Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"]

http2HealthCheck.requestPath
Optional, string
The request path of the HTTP2 health check request. The default value is /.

http2HealthCheck.response
Optional, string
The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.

httpHealthCheck
Optional, object
A nested object resource

httpHealthCheck.host
Optional, string
The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

httpHealthCheck.port
Optional, integer
The TCP port number for the HTTP health check request. The default value is 80.

httpHealthCheck.portName
Optional, string
Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence.

httpHealthCheck.portSpecification
Optional, string
Specifies how port is selected for health checking. Can be one of the following values:
* 'USE_FIXED_PORT': The port number in 'port' is used for health checking.
* 'USE_NAMED_PORT': The 'portName' is used for health checking.
* 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking.
If not specified, HTTP health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]

httpHealthCheck.proxyHeader
Optional, string
Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"]

httpHealthCheck.requestPath
Optional, string
The request path of the HTTP health check request. The default value is /.

httpHealthCheck.response
Optional, string
The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.

httpsHealthCheck
Optional, object
A nested object resource

httpsHealthCheck.host
Optional, string
The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

httpsHealthCheck.port
Optional, integer
The TCP port number for the HTTPS health check request. The default value is 443.

httpsHealthCheck.portName
Optional, string
Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence.

httpsHealthCheck.portSpecification
Optional, string
Specifies how port is selected for health checking. Can be one of the following values:
* 'USE_FIXED_PORT': The port number in 'port' is used for health checking.
* 'USE_NAMED_PORT': The 'portName' is used for health checking.
* 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking.
If not specified, HTTPS health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]

httpsHealthCheck.proxyHeader
Optional, string
Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"]

httpsHealthCheck.requestPath
Optional, string
The request path of the HTTPS health check request. The default value is /.

httpsHealthCheck.response
Optional, string
The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.

location
Required, string
Location represents the geographical location of the ComputeHealthCheck. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)

logConfig
Optional, object
Configure logging on this health check.

logConfig.enable
Optional, boolean
Indicates whether or not to export logs. This is false by default, which means no health check logging will be done.

sslHealthCheck
Optional, object
A nested object resource

sslHealthCheck.port
Optional, integer
The TCP port number for the SSL health check request. The default value is 443.

sslHealthCheck.portName
Optional, string
Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence.

sslHealthCheck.portSpecification
Optional, string
Specifies how port is selected for health checking. Can be one of the following values:
* 'USE_FIXED_PORT': The port number in 'port' is used for health checking.
* 'USE_NAMED_PORT': The 'portName' is used for health checking.
* 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking.
If not specified, SSL health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]

sslHealthCheck.proxyHeader
Optional, string
Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"]

sslHealthCheck.request
Optional, string
The application data to send once the SSL connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII.

sslHealthCheck.response
Optional, string
The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.

tcpHealthCheck
Optional, object
A nested object resource

tcpHealthCheck.port
Optional, integer
The TCP port number for the TCP health check request. The default value is 443.

tcpHealthCheck.portName
Optional, string
Port name as defined in InstanceGroup#NamedPort#name. If both port and portName are defined, port takes precedence.

tcpHealthCheck.portSpecification
Optional, string
Specifies how port is selected for health checking. Can be one of the following values:
* 'USE_FIXED_PORT': The port number in 'port' is used for health checking.
* 'USE_NAMED_PORT': The 'portName' is used for health checking.
* 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking. For other backends, the port or named port specified in the Backend Service is used for health checking.
If not specified, TCP health check follows behavior specified in 'port' and 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]

tcpHealthCheck.proxyHeader
Optional, string
Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"]

tcpHealthCheck.request
Optional, string
The application data to send once the TCP connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII.

tcpHealthCheck.response
Optional, string
The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.

timeoutSec
Optional, integer
How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.

unhealthyThreshold
Optional, integer
A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.
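
The rules stated in the field descriptions above (timeoutSec no greater than checkIntervalSec, the portSpecification and proxyHeader enumerations, ASCII-only request and response data, port taking precedence over portName, logging off by default) can be checked before a manifest is applied. This is an added example, not Config Connector code: lint_health_check and its "error"/"warn" labels are hypothetical names, and the spec is assumed to be already parsed into a dict.

```python
PROTOCOL_BLOCKS = ("httpHealthCheck", "httpsHealthCheck", "http2HealthCheck",
                   "sslHealthCheck", "tcpHealthCheck")
PORT_SPECIFICATIONS = ("USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT")
PROXY_HEADERS = ("NONE", "PROXY_V1")
DEFAULT_INTERVAL_SEC = 5  # documented default for checkIntervalSec
DEFAULT_TIMEOUT_SEC = 5   # documented default for timeoutSec

# The global sample from this page, as a parsed spec.
PAGE_SAMPLE_SPEC = {
    "checkIntervalSec": 10,
    "httpHealthCheck": {"port": 80},
    "location": "global",
}

# Constructed spec that breaks several of the documented rules at once.
CONSTRUCTED_BAD_SPEC = {
    "checkIntervalSec": 5,
    "timeoutSec": 10,
    "tcpHealthCheck": {
        "port": 443,
        "portName": "tls",
        "portSpecification": "USE_ANY_PORT",
        "response": "ok\u2713",
    },
}


def is_ascii(value):
    """True when the string can be encoded as ASCII."""
    try:
        value.encode("ascii")
        return True
    except UnicodeEncodeError:
        return False


def lint_health_check(spec):
    """Return (severity, field, message) findings for a ComputeHealthCheck spec."""
    findings = []

    def add(severity, field, message):
        findings.append((severity, field, message))

    if not spec.get("location"):
        add("error", "location", "required: a region name or 'global'")

    interval = spec.get("checkIntervalSec", DEFAULT_INTERVAL_SEC)
    timeout = spec.get("timeoutSec", DEFAULT_TIMEOUT_SEC)
    if timeout > interval:
        add("error", "timeoutSec",
            f"timeoutSec ({timeout}) is greater than checkIntervalSec ({interval})")

    # Logging is false by default, so state changes leave no health check log.
    if not spec.get("logConfig", {}).get("enable", False):
        add("warn", "logConfig.enable", "health check logging is not enabled")

    for name in PROTOCOL_BLOCKS:
        block = spec.get(name)
        if block is None:
            continue
        port_spec = block.get("portSpecification")
        if port_spec is not None and port_spec not in PORT_SPECIFICATIONS:
            add("error", name + ".portSpecification", f"unknown value {port_spec!r}")
        if port_spec == "USE_NAMED_PORT" and not block.get("portName"):
            add("warn", name + ".portName", "USE_NAMED_PORT selected but portName is empty")
        if block.get("proxyHeader", "NONE") not in PROXY_HEADERS:
            add("error", name + ".proxyHeader", "must be NONE or PROXY_V1")
        if "port" in block and "portName" in block:
            add("warn", name + ".portName", "ignored: port takes precedence when both are set")
        for key in ("request", "response"):
            if not is_ascii(block.get(key, "")):
                add("error", name + "." + key, "must contain only ASCII")
        if not block.get("response"):
            connect_only = (name in ("sslHealthCheck", "tcpHealthCheck")
                            and not block.get("request"))
            if connect_only:
                add("warn", name + ".response",
                    "request and response empty: an established connection alone counts as healthy")
            else:
                add("warn", name + ".response", "empty: any response counts as healthy")
    return findings


if __name__ == "__main__":
    for label, spec in (("page sample", PAGE_SAMPLE_SPEC),
                        ("constructed bad spec", CONSTRUCTED_BAD_SPEC)):
        print(label)
        for severity, field, message in lint_health_check(spec):
            print(f"  {severity:5} {field}: {message}")
```

Run against the page's global sample, it reports no errors but two warnings: logging is off, and an empty response means any reply from port 80 marks the backend healthy.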

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
type: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

selfLink
string

type
string
The type of the health check. One of HTTP, HTTPS, TCP, or SSL.

ComputeHTTPHealthCheck

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.httpHealthChecks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/httpHealthChecks
Config Connector Resource Short Names gcpcomputehttphealthcheck, gcpcomputehttphealthchecks, computehttphealthcheck
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computehttphealthchecks.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHTTPHealthCheck
metadata:
  name: computehttphealthcheck-sample
spec:
  checkIntervalSec: 10
  description: example HTTP health check
  healthyThreshold: 2
  port: 80
  requestPath: /
  timeoutSec: 5
  unhealthyThreshold: 2

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
checkIntervalSec: integer
description: string
healthyThreshold: integer
host: string
port: integer
requestPath: string
timeoutSec: integer
unhealthyThreshold: integer
Fields
Name Description

checkIntervalSec
Optional, integer
How often (in seconds) to send a health check. The default value is 5 seconds.

description
Optional, string
An optional description of this resource. Provide this property when you create the resource.

healthyThreshold
Optional, integer
A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.

host
Optional, string
The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

port
Optional, integer
The TCP port number for the HTTP health check request. The default value is 80.

requestPath
Optional, string
The request path of the HTTP health check request. The default value is /.

timeoutSec
Optional, integer
How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.

unhealthyThreshold
Optional, integer
A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

selfLink
string

ComputeHTTPSHealthCheck

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.httpsHealthChecks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/httpsHealthChecks
Config Connector Resource Short Names gcpcomputehttpshealthcheck, gcpcomputehttpshealthchecks, computehttpshealthcheck
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computehttpshealthchecks.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHTTPSHealthCheck
metadata:
  name: computehttpshealthcheck-sample
spec:
  checkIntervalSec: 10
  description: example HTTPS health check
  healthyThreshold: 2
  port: 80
  requestPath: /
  timeoutSec: 5
  unhealthyThreshold: 2

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
checkIntervalSec: integer
description: string
healthyThreshold: integer
host: string
port: integer
requestPath: string
timeoutSec: integer
unhealthyThreshold: integer
Fields
Name Description

checkIntervalSec
Optional, integer
How often (in seconds) to send a health check. The default value is 5 seconds.

description
Optional, string
An optional description of this resource. Provide this property when you create the resource.

healthyThreshold
Optional, integer
A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.

host
Optional, string
The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

port
Optional, integer
The TCP port number for the HTTPS health check request. The default value is 80.

requestPath
Optional, string
The request path of the HTTPS health check request. The default value is /.

timeoutSec
Optional, integer
How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.

unhealthyThreshold
Optional, integer
A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

selfLink
string

ComputeImage

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.images
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/images
Config Connector Resource Short Names gcpcomputeimage, gcpcomputeimages, computeimage
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeimages.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Image From Existing Disk

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computeimage-dep-fromexistingdisk
spec:
  location: us-central1-a
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeImage
metadata:
  name: computeimage-sample-fromexistingdisk
spec:
  description: A sample image created from an empty disk resource
  diskRef:
    name: computeimage-dep-fromexistingdisk
  diskSizeGb: 0

Image From Url Raw

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeImage
metadata:
  name: computeimage-sample-fromurlraw
  labels:
    image-type: stemcell
spec:
  description: A sample image created from URL to a raw TAR disk image
  family: ubuntu-custom
  licenses: ["https://ubuntu.com/licensing"]
  rawDisk:
    source: "https://storage.googleapis.com/bosh-cpi-artifacts/bosh-stemcell-3262.7-google-kvm-ubuntu-trusty-go_agent-raw.tar.gz"
    containerType: "TAR"
    sha1: d0646960085a472899db41f6065e6b627919b3a9

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
diskRef:
  external: string
  name: string
  namespace: string
diskSizeGb: integer
family: string
guestOsFeatures:
- type: string
licenses:
- string
rawDisk:
  containerType: string
  sha1: string
  source: string
Fields
Name Description

description
Optional, string
An optional description of this resource. Provide this property when you create the resource.

diskRef
Optional, object
The source disk to create this image based on. You must provide either this property or the rawDisk.source property but not both to create an image.

diskRef.external
Optional, string
The selfLink of a ComputeDisk.

diskRef.name
Optional, string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

diskRef.namespace
Optional, string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

diskSizeGb
Optional, integer
Size of the image when restored onto a persistent disk (in GB).

family
Optional, string
The name of the image family to which this image belongs. You can create disks by specifying an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035.

guestOsFeatures
Optional, list (object)

guestOsFeatures.[]
Optional, object

guestOsFeatures.[].type
Required*, string
The type of supported feature. Read "Enabling guest operating system features" (https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: ["MULTI_IP_SUBNET", "SECURE_BOOT", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "WINDOWS"]

licenses
Optional, list (string)

licenses.[]
Optional, string

rawDisk
Optional, object
The parameters of the raw disk image.

rawDisk.containerType
Optional, string
The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created. Default value: "TAR". Possible values: ["TAR"]

rawDisk.sha1
Optional, string
An optional SHA1 checksum of the disk image before unpackaging. This is provided by the client when the disk image is created.

rawDisk.source
Required*, string
The full Google Cloud Storage URL where disk storage is stored. You must provide either this property or the sourceDisk property but not both.

* Field is required when parent field is specified
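
The rawDisk rules above (diskRef or rawDisk.source but not both, containerType of TAR, an optional SHA1 of the archive before unpackaging) can be checked locally, and the archive itself can be hashed before its checksum is written into the manifest. This is an added example, not Config Connector code: lint_image_spec, digest_archive and archive_matches_spec are hypothetical names, the spec is assumed to be an already-parsed dict, and the tar.gz archive is constructed in memory.

```python
import hashlib
import hmac
import io
import re
import tarfile

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")

# The "Image From Url Raw" sample from this page, as a parsed spec.
PAGE_SAMPLE_FROM_URL = {
    "description": "A sample image created from URL to a raw TAR disk image",
    "family": "ubuntu-custom",
    "rawDisk": {
        "source": "https://storage.googleapis.com/bosh-cpi-artifacts/"
                  "bosh-stemcell-3262.7-google-kvm-ubuntu-trusty-go_agent-raw.tar.gz",
        "containerType": "TAR",
        "sha1": "d0646960085a472899db41f6065e6b627919b3a9",
    },
}


def lint_image_spec(spec):
    """Return a list of problems found in a ComputeImage spec dict."""
    problems = []
    has_disk = "diskRef" in spec
    raw = spec.get("rawDisk")
    has_raw_source = bool(raw and raw.get("source"))
    if raw is not None and not has_raw_source:
        problems.append("rawDisk.source is required when rawDisk is specified")
    if has_disk and has_raw_source:
        problems.append("diskRef and rawDisk.source are mutually exclusive")
    if not has_disk and raw is None:
        problems.append("provide either diskRef or rawDisk.source")
    if raw is not None:
        if raw.get("containerType", "TAR") != "TAR":
            problems.append("rawDisk.containerType must be TAR")
        sha1 = raw.get("sha1")
        if sha1 is None:
            problems.append("rawDisk.sha1 is not set: no checksum is recorded for the archive")
        elif not SHA1_HEX.fullmatch(sha1):
            problems.append("rawDisk.sha1 is not 40 hexadecimal characters")
    return problems


def digest_archive(stream, chunk_size=1 << 20):
    """Hash the packed archive in one pass.

    SHA-1 is the only digest the rawDisk block carries, and it is no longer
    collision-resistant, so a SHA-256 is computed alongside it for your own records.
    """
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        sha1.update(chunk)
        sha256.update(chunk)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def archive_matches_spec(spec, stream):
    """True when the archive's SHA-1 equals rawDisk.sha1 in the spec."""
    expected = spec["rawDisk"]["sha1"].lower()
    return hmac.compare_digest(digest_archive(stream)["sha1"], expected)


def build_constructed_archive():
    """Constructed stand-in for a raw disk archive: a tar.gz holding a 4 KiB disk.raw."""
    payload = b"\x00" * 4096
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name="disk.raw")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    print("page sample problems:", lint_image_spec(PAGE_SAMPLE_FROM_URL))
    archive = build_constructed_archive()
    digests = digest_archive(io.BytesIO(archive))
    # Placeholder bucket and object name; only the checksum is derived from the archive.
    spec = {"rawDisk": {"source": "https://storage.googleapis.com/EXAMPLE_BUCKET/disk.tar.gz",
                        "sha1": digests["sha1"]}}
    print("sha256 for release records:", digests["sha256"])
    print("archive matches manifest:", archive_matches_spec(spec, io.BytesIO(archive)))
```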

Status

Schema
archiveSizeBytes: integer
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
labelFingerprint: string
selfLink: string
Fields
archiveSizeBytes
integer
Size of the image tar.gz archive stored in Google Cloud Storage (in bytes).

conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

labelFingerprint
string
The fingerprint used for optimistic locking of this resource. Used internally during updates.

selfLink
string

ComputeInstance

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.instances
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/instances
Config Connector Resource Short Names gcpcomputeinstance, gcpcomputeinstances, computeinstance
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeinstances.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
Supports IAM Conditions Yes
IAM External Reference Format

projects/{{project}}/zones/{{zone}}/instances/{{name}}

Sample YAML(s)

Cloud Machine Instance

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computeinstance-dep1-cloudmachine
spec:
  description: a sample encrypted, blank disk
  physicalBlockSizeBytes: 4096
  size: 1
  type: pd-ssd
  location: us-west1-a
  diskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computeinstance-dep-cloudmachine
          key: diskEncryptionKey
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computeinstance-dep2-cloudmachine
spec:
  size: 1
  type: pd-ssd
  location: us-west1-a
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  annotations:
    cnrm.cloud.google.com/allow-stopping-for-update: "true"
  name: computeinstance-sample-cloudmachine
  labels:
    created-from: "image"
    network-type: "subnetwork"
spec:
  machineType: n1-standard-1
  zone: us-west1-a
  bootDisk:
    initializeParams:
      size: 24
      type: pd-ssd
      sourceImageRef:
        external: debian-cloud/debian-9
  networkInterface:
    - subnetworkRef:
        name: computeinstance-dep-cloudmachine
      aliasIpRange:
        - ipCidrRange: /24
          subnetworkRangeName: cloudrange
  attachedDisk:
    - sourceDiskRef:
        name: computeinstance-dep1-cloudmachine
      mode: READ_ONLY
      deviceName: proxycontroldisk
      diskEncryptionKeyRaw:
        valueFrom:
          secretKeyRef:
            name: computeinstance-dep-cloudmachine
            key: diskEncryptionKey
    - sourceDiskRef:
        name: computeinstance-dep2-cloudmachine
      mode: READ_WRITE
      deviceName: persistentdisk
  minCpuPlatform: "Intel Skylake"
  serviceAccount:
    serviceAccountRef:
      name: inst-dep-cloudmachine
    scopes:
    - compute-rw
    - logging-write
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeinstance-dep-cloudmachine
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  name: computeinstance-dep-cloudmachine
spec:
  networkRef:
    name: computeinstance-dep-cloudmachine
  ipCidrRange: 10.2.0.0/16
  region: us-west1
  secondaryIpRange:
    - rangeName: cloudrange
      ipCidrRange: 10.3.16.0/20
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: inst-dep-cloudmachine
---
apiVersion: v1
kind: Secret
metadata:
  name: computeinstance-dep-cloudmachine
stringData:
  diskEncryptionKey: "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="

Instance From Template

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computeinstance-dep-fromtemplate
spec:
  physicalBlockSizeBytes: 4096
  size: 1
  type: pd-ssd
  location: us-west1-c

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  annotations:
    cnrm.cloud.google.com/allow-stopping-for-update: "false"
  name: computeinstance-sample-fromtemplate
  labels:
    created-from: "template"
    override-type: "largermachine"
spec:
  machineType: n1-standard-2
  instanceTemplateRef:
    name: computeinstance-dep-fromtemplate
  zone: us-west1-c

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceTemplate
metadata:
  name: computeinstance-dep-fromtemplate
spec:
  machineType: n1-standard-1
  region: us-west1
  disk:
    - sourceDiskRef:
        name: computeinstance-dep-fromtemplate
      boot: true
  networkInterface:
    - networkRef:
        name: computeinstance-dep-fromtemplate

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeinstance-dep-fromtemplate
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: true

Network Worker Instance

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computeinstance-dep-networkworker
spec:
  description: a sample external address
  location: us-west1

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computeinstance-dep-networkworker
spec:
  description: a sample encrypted, blank disk
  physicalBlockSizeBytes: 4096
  size: 1
  type: pd-ssd
  location: us-west1-b
  diskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computeinstance-dep-networkworker
          key: diskEncryptionKey

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  annotations:
    cnrm.cloud.google.com/allow-stopping-for-update: "false"
  name: computeinstance-sample-networkworker
  labels:
    created-from: "disk"
    network-type: "global"
spec:
  machineType: n1-standard-1
  zone: us-west1-b
  bootDisk:
    sourceDiskRef:
      name: computeinstance-dep-networkworker
    autoDelete: false
    deviceName: proxycontroldisk
    mode: READ_ONLY
    diskEncryptionKeyRaw:
      valueFrom:
        secretKeyRef:
          name: computeinstance-dep-networkworker
          key: diskEncryptionKey
  networkInterface:
    - networkRef:
        name: computeinstance-dep-networkworker
      subnetworkRef:
        name: computeinstance-dep-networkworker
      networkIp: "10.2.0.4"
      accessConfig:
        - natIpRef:
            name: computeinstance-dep-networkworker
  guestAccelerator:
    - type: nvidia-tesla-v100
      count: 1
  scratchDisk:
    - interface: SCSI
    - interface: NVME
  scheduling:
    preemptible: true
    automaticRestart: false
    onHostMaintenance: TERMINATE
  canIpForward: true

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeinstance-dep-networkworker
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  name: computeinstance-dep-networkworker
spec:
  ipCidrRange: 10.2.0.0/16
  region: us-west1
  description: a sample subnetwork
  privateIpGoogleAccess: false
  networkRef:
    name: computeinstance-dep-networkworker
  logConfig:
    aggregationInterval: INTERVAL_10_MIN
    flowSampling: 0.5
    metadata: INCLUDE_ALL_METADATA

apiVersion: v1
kind: Secret
metadata:
  name: computeinstance-dep-networkworker
stringData:
  diskEncryptionKey: "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/allow-stopping-for-update
cnrm.cloud.google.com/project-id

Spec

Schema
attachedDisk:
- deviceName: string
  diskEncryptionKeyRaw:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  diskEncryptionKeySha256: string
  kmsKeyRef:
    external: string
    name: string
    namespace: string
  mode: string
  sourceDiskRef:
    external: string
    name: string
    namespace: string
bootDisk:
  autoDelete: boolean
  deviceName: string
  diskEncryptionKeyRaw:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  diskEncryptionKeySha256: string
  initializeParams:
    labels: {}
    size: integer
    sourceImageRef:
      external: string
      name: string
      namespace: string
    type: string
  kmsKeyRef:
    external: string
    name: string
    namespace: string
  mode: string
  sourceDiskRef:
    external: string
    name: string
    namespace: string
canIpForward: boolean
deletionProtection: boolean
description: string
desiredStatus: string
enableDisplay: boolean
guestAccelerator:
- count: integer
  type: string
hostname: string
instanceTemplateRef:
  external: string
  name: string
  namespace: string
machineType: string
metadata:
- key: string
  value: string
metadataStartupScript: string
minCpuPlatform: string
networkInterface:
- accessConfig:
  - natIpRef:
      external: string
      name: string
      namespace: string
    networkTier: string
    publicPtrDomainName: string
  aliasIpRange:
  - ipCidrRange: string
    subnetworkRangeName: string
  name: string
  networkIp: string
  networkRef:
    external: string
    name: string
    namespace: string
  subnetworkProject: string
  subnetworkRef:
    external: string
    name: string
    namespace: string
resourcePolicies:
- external: string
  name: string
  namespace: string
scheduling:
  automaticRestart: boolean
  nodeAffinities:
  - value: {}
  onHostMaintenance: string
  preemptible: boolean
scratchDisk:
- interface: string
serviceAccount:
  scopes:
  - string
  serviceAccountRef:
    external: string
    name: string
    namespace: string
shieldedInstanceConfig:
  enableIntegrityMonitoring: boolean
  enableSecureBoot: boolean
  enableVtpm: boolean
tags:
- string
zone: string
Fields
Name Description

attachedDisk    Optional    list (object)
attachedDisk.[]    Optional    object
attachedDisk.[].deviceName    Optional    string
attachedDisk.[].diskEncryptionKeyRaw    Optional    object
attachedDisk.[].diskEncryptionKeyRaw.value    Optional    string
    Value of the field. Cannot be used if 'valueFrom' is specified.
attachedDisk.[].diskEncryptionKeyRaw.valueFrom    Optional    object
    Source for the field's value. Cannot be used if 'value' is specified.
attachedDisk.[].diskEncryptionKeyRaw.valueFrom.secretKeyRef    Optional    object
    Reference to a value with the given key in the given Secret in the resource's namespace.
attachedDisk.[].diskEncryptionKeyRaw.valueFrom.secretKeyRef.key    Required*    string
    Key that identifies the value to be extracted.
attachedDisk.[].diskEncryptionKeyRaw.valueFrom.secretKeyRef.name    Required*    string
    Name of the Secret to extract a value from.
attachedDisk.[].diskEncryptionKeySha256    Optional    string
attachedDisk.[].kmsKeyRef    Optional    object
attachedDisk.[].kmsKeyRef.external    Optional    string
    The selfLink of a KMSCryptoKey.
attachedDisk.[].kmsKeyRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
attachedDisk.[].kmsKeyRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
attachedDisk.[].mode    Optional    string
attachedDisk.[].sourceDiskRef    Required*    object
attachedDisk.[].sourceDiskRef.external    Optional    string
    The selfLink of a ComputeDisk.
attachedDisk.[].sourceDiskRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
attachedDisk.[].sourceDiskRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

bootDisk    Optional    object
bootDisk.autoDelete    Optional    boolean
bootDisk.deviceName    Optional    string
bootDisk.diskEncryptionKeyRaw    Optional    object
bootDisk.diskEncryptionKeyRaw.value    Optional    string
    Value of the field. Cannot be used if 'valueFrom' is specified.
bootDisk.diskEncryptionKeyRaw.valueFrom    Optional    object
    Source for the field's value. Cannot be used if 'value' is specified.
bootDisk.diskEncryptionKeyRaw.valueFrom.secretKeyRef    Optional    object
    Reference to a value with the given key in the given Secret in the resource's namespace.
bootDisk.diskEncryptionKeyRaw.valueFrom.secretKeyRef.key    Required*    string
    Key that identifies the value to be extracted.
bootDisk.diskEncryptionKeyRaw.valueFrom.secretKeyRef.name    Required*    string
    Name of the Secret to extract a value from.
bootDisk.diskEncryptionKeySha256    Optional    string
bootDisk.initializeParams    Optional    object
bootDisk.initializeParams.labels    Optional    object
bootDisk.initializeParams.size    Optional    integer
bootDisk.initializeParams.sourceImageRef    Optional    object
bootDisk.initializeParams.sourceImageRef.external    Optional    string
    The selfLink of a ComputeImage.
bootDisk.initializeParams.sourceImageRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
bootDisk.initializeParams.sourceImageRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
bootDisk.initializeParams.type    Optional    string
bootDisk.kmsKeyRef    Optional    object
bootDisk.kmsKeyRef.external    Optional    string
    The selfLink of a KMSCryptoKey.
bootDisk.kmsKeyRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
bootDisk.kmsKeyRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
bootDisk.mode    Optional    string
bootDisk.sourceDiskRef    Optional    object
bootDisk.sourceDiskRef.external    Optional    string
    The selfLink of a ComputeDisk.
bootDisk.sourceDiskRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
bootDisk.sourceDiskRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

canIpForward    Optional    boolean
deletionProtection    Optional    boolean
description    Optional    string
desiredStatus    Optional    string
enableDisplay    Optional    boolean
guestAccelerator    Optional    list (object)
guestAccelerator.[]    Optional    object
guestAccelerator.[].count    Required*    integer
guestAccelerator.[].type    Required*    string
hostname    Optional    string
instanceTemplateRef    Optional    object
instanceTemplateRef.external    Optional    string
    The selfLink of a ComputeInstanceTemplate.
instanceTemplateRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
instanceTemplateRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
machineType    Optional    string
metadata    Optional    list (object)
metadata.[]    Optional    object
metadata.[].key    Required*    string
metadata.[].value    Required*    string
metadataStartupScript    Optional    string
minCpuPlatform    Optional    string

networkInterface    Optional    list (object)
networkInterface.[]    Optional    object
networkInterface.[].accessConfig    Optional    list (object)
networkInterface.[].accessConfig.[]    Optional    object
networkInterface.[].accessConfig.[].natIpRef    Optional    object
networkInterface.[].accessConfig.[].natIpRef.external    Optional    string
    The address of a ComputeAddress.
networkInterface.[].accessConfig.[].natIpRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkInterface.[].accessConfig.[].natIpRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
networkInterface.[].accessConfig.[].networkTier    Optional    string
networkInterface.[].accessConfig.[].publicPtrDomainName    Optional    string
networkInterface.[].aliasIpRange    Optional    list (object)
networkInterface.[].aliasIpRange.[]    Optional    object
networkInterface.[].aliasIpRange.[].ipCidrRange    Required*    string
networkInterface.[].aliasIpRange.[].subnetworkRangeName    Optional    string
networkInterface.[].name    Optional    string
networkInterface.[].networkIp    Optional    string
networkInterface.[].networkRef    Optional    object
networkInterface.[].networkRef.external    Optional    string
    The selfLink of a ComputeNetwork.
networkInterface.[].networkRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkInterface.[].networkRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
networkInterface.[].subnetworkProject    Optional    string
networkInterface.[].subnetworkRef    Optional    object
networkInterface.[].subnetworkRef.external    Optional    string
    The selfLink of a ComputeSubnetwork.
networkInterface.[].subnetworkRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkInterface.[].subnetworkRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourcePolicies    Optional    list (object)
resourcePolicies.[]    Optional    object
resourcePolicies.[].external    Optional    string
    The selfLink of a ComputeResourcePolicy.
resourcePolicies.[].name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
resourcePolicies.[].namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
scheduling    Optional    object
scheduling.automaticRestart    Optional    boolean
scheduling.nodeAffinities    Optional    list (object)
scheduling.nodeAffinities.[]    Optional    object
scheduling.nodeAffinities.[].value    Optional    object
scheduling.onHostMaintenance    Optional    string
scheduling.preemptible    Optional    boolean
scratchDisk    Optional    list (object)
scratchDisk.[]    Optional    object
scratchDisk.[].interface    Required*    string
serviceAccount    Optional    object
serviceAccount.scopes    Required*    list (string)
serviceAccount.scopes.[]    Required*    string
serviceAccount.serviceAccountRef    Optional    object
serviceAccount.serviceAccountRef.external    Optional    string
    The email of an IAMServiceAccount.
serviceAccount.serviceAccountRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
serviceAccount.serviceAccountRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
shieldedInstanceConfig    Optional    object
shieldedInstanceConfig.enableIntegrityMonitoring    Optional    boolean
shieldedInstanceConfig.enableSecureBoot    Optional    boolean
shieldedInstanceConfig.enableVtpm    Optional    boolean
tags    Optional    list (string)
tags.[]    Optional    string
zone    Optional    string

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
cpuPlatform: string
currentStatus: string
instanceId: string
labelFingerprint: string
metadataFingerprint: string
selfLink: string
tagsFingerprint: string
Fields
conditions    list (object)
conditions.[]    object
conditions.[].lastTransitionTime    string
    Last time the condition transitioned from one status to another.
conditions.[].message    string
    Human-readable message indicating details about last transition.
conditions.[].reason    string
    Unique, one-word, CamelCase reason for the condition's last transition.
conditions.[].status    string
    Status is the status of the condition. Can be True, False, Unknown.
conditions.[].type    string
    Type is the type of the condition.
cpuPlatform    string
currentStatus    string
instanceId    string
labelFingerprint    string
metadataFingerprint    string
selfLink    string
tagsFingerprint    string

ComputeInstanceGroup

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.instances
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/instances
Config Connector Resource Short Names gcpcomputeinstancegroup, gcpcomputeinstancegroups, computeinstancegroup
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeinstancegroups.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computeinstancegroup-dep1
spec:
  zone: us-central1-a
  instanceTemplateRef:
    name: computeinstancegroup-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computeinstancegroup-dep2
spec:
  zone: us-central1-a
  instanceTemplateRef:
    name: computeinstancegroup-dep

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceGroup
metadata:
  name: computeinstancegroup-sample
spec:
  description: Compute instance group with two specified instances and named http and https ports.
  instances:
  - name: computeinstancegroup-dep1
  - name: computeinstancegroup-dep2
  namedPort:
  - name: http
    port: 8080
  - name: https
    port: 8443
  zone: us-central1-a

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceTemplate
metadata:
  name: computeinstancegroup-dep
spec:
  machineType: n1-standard-1
  disk:
    - sourceImageRef:
        external: debian-cloud/debian-9
      boot: true
  networkInterface:
    - networkRef:
        name: computeinstancegroup-dep

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeinstancegroup-dep

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
instances:
- external: string
  name: string
  namespace: string
namedPort:
- name: string
  port: integer
networkRef:
  external: string
  name: string
  namespace: string
zone: string
Fields
Name Description

description    Optional    string
instances    Optional    list (object)
instances.[]    Optional    object
instances.[].external    Optional    string
    The selfLink of a ComputeInstance.
instances.[].name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
instances.[].namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
namedPort    Optional    list (object)
namedPort.[]    Optional    object
namedPort.[].name    Required*    string
namedPort.[].port    Required*    integer
networkRef    Optional    object
networkRef.external    Optional    string
    The selfLink of a ComputeNetwork.
networkRef.name    Optional    string
    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkRef.namespace    Optional    string
    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
zone    Required    string

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
selfLink: string
size: integer
Fields
conditions    list (object)
conditions.[]    object
conditions.[].lastTransitionTime    string
    Last time the condition transitioned from one status to another.
conditions.[].message    string
    Human-readable message indicating details about last transition.
conditions.[].reason    string
    Unique, one-word, CamelCase reason for the condition's last transition.
conditions.[].status    string
    Status is the status of the condition. Can be True, False, Unknown.
conditions.[].type    string
    Type is the type of the condition.
selfLink    string
size    integer

ComputeInstanceTemplate

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.instancetemplates
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/instancetemplates
Config Connector Resource Short Names gcpcomputeinstancetemplate, gcpcomputeinstancetemplates, computeinstancetemplate
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeinstancetemplates.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: instancetemplate-dep
spec:
  description: a sample encrypted, blank disk
  physicalBlockSizeBytes: 4096
  size: 1
  type: pd-ssd
  location: us-west1-c

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeImage
metadata:
  name: instancetemplate-dep
spec:
  description: A sample image created from an empty disk resource
  diskRef:
    name: instancetemplate-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceTemplate
metadata:
  name: instancetemplate-sample
  labels:
    env: "dev"
spec:
  description: a sample instance template
  tags:
    - foo
    - bar
  instanceDescription: a sample instance created from the sample instance template
  machineType: n1-standard-1
  region: us-west1
  disk:
    - sourceDiskRef:
        name: instancetemplate-dep
      autoDelete: false
      boot: true
    - sourceImageRef:
        name: instancetemplate-dep
      autoDelete: true
      boot: false
      diskName: sample-attached-disk
      deviceName: attachment
      interface: SCSI
      diskType: pd-ssd
      diskSizeGb: 10
      type: PERSISTENT
  networkInterface:
    - networkRef:
        name: instancetemplate-dep
      subnetworkRef:
        name: instancetemplate-dep
      networkIp: "10.2.0.1"
      aliasIpRange:
        - ipCidrRange: /16
          subnetworkRangeName: sub-range
  canIpForward: false
  scheduling:
    automaticRestart: true
    onHostMaintenance: "MIGRATE"
    preemptible: false
  metadataStartupScript: "echo hi > /test.txt"
  serviceAccount:
    serviceAccountRef:
      name: instancetemplate-dep
    scopes:
      - userinfo-email
      - compute-ro
      - storage-ro
  guestAccelerator:
    - type: nvidia-tesla-k80
      count: 1
  minCpuPlatform: "Intel Skylake"
  shieldedInstanceConfig:
    enableSecureBoot: false
    enableVtpm: true
    enableIntegrityMonitoring: true
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: instancetemplate-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  name: instancetemplate-dep
spec:
  ipCidrRange: 10.2.0.0/16
  region: us-west1
  description: a sample subnetwork
  privateIpGoogleAccess: false
  networkRef:
    name: instancetemplate-dep
  logConfig:
    aggregationInterval: INTERVAL_10_MIN
    flowSampling: 0.5
    metadata: INCLUDE_ALL_METADATA
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: instancetemplate-dep
spec:
  displayName: a sample Service Account

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
canIpForward: boolean
description: string
disk:
- autoDelete: boolean
  boot: boolean
  deviceName: string
  diskEncryptionKey:
    kmsKeyRef:
      external: string
      name: string
      namespace: string
  diskName: string
  diskSizeGb: integer
  diskType: string
  interface: string
  labels:
    string: string
  mode: string
  sourceDiskRef:
    external: string
    name: string
    namespace: string
  sourceImageRef:
    external: string
    name: string
    namespace: string
  type: string
enableDisplay: boolean
guestAccelerator:
- count: integer
  type: string
instanceDescription: string
machineType: string
metadata:
- key: string
  value: string
metadataStartupScript: string
minCpuPlatform: string
namePrefix: string
networkInterface:
- accessConfig:
  - natIpRef:
      external: string
      name: string
      namespace: string
    networkTier: string
    publicPtrDomainName: string
  aliasIpRange:
  - ipCidrRange: string
    subnetworkRangeName: string
  name: string
  networkIp: string
  networkRef:
    external: string
    name: string
    namespace: string
  subnetworkProject: string
  subnetworkRef:
    external: string
    name: string
    namespace: string
region: string
scheduling:
  automaticRestart: boolean
  nodeAffinities:
  - value: {}
  onHostMaintenance: string
  preemptible: boolean
serviceAccount:
  scopes:
  - string
  serviceAccountRef:
    external: string
    name: string
    namespace: string
shieldedInstanceConfig:
  enableIntegrityMonitoring: boolean
  enableSecureBoot: boolean
  enableVtpm: boolean
tags:
- string
Fields
Name Description

canIpForward (Optional): boolean
description (Optional): string
disk (Required): list (object)
disk.[] (Required): object
disk.[].autoDelete (Optional): boolean
disk.[].boot (Optional): boolean
disk.[].deviceName (Optional): string
disk.[].diskEncryptionKey (Optional): object
disk.[].diskEncryptionKey.kmsKeyRef (Required*): object
disk.[].diskEncryptionKey.kmsKeyRef.external (Optional): string. The selfLink of a KMSCryptoKey.
disk.[].diskEncryptionKey.kmsKeyRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
disk.[].diskEncryptionKey.kmsKeyRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
disk.[].diskName (Optional): string
disk.[].diskSizeGb (Optional): integer
disk.[].diskType (Optional): string
disk.[].interface (Optional): string
disk.[].labels (Optional): map (key: string, value: string)
disk.[].mode (Optional): string
disk.[].sourceDiskRef (Optional): object
disk.[].sourceDiskRef.external (Optional): string. The name of a ComputeDisk.
disk.[].sourceDiskRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
disk.[].sourceDiskRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
disk.[].sourceImageRef (Optional): object
disk.[].sourceImageRef.external (Optional): string. The selfLink of a ComputeImage.
disk.[].sourceImageRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
disk.[].sourceImageRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
disk.[].type (Optional): string
enableDisplay (Optional): boolean
guestAccelerator (Optional): list (object)
guestAccelerator.[] (Optional): object
guestAccelerator.[].count (Required*): integer
guestAccelerator.[].type (Required*): string
instanceDescription (Optional): string
machineType (Required): string
metadata (Optional): list (object)
metadata.[] (Optional): object
metadata.[].key (Required*): string
metadata.[].value (Required*): string
metadataStartupScript (Optional): string
minCpuPlatform (Optional): string
namePrefix (Optional): string
networkInterface (Optional): list (object)
networkInterface.[] (Optional): object
networkInterface.[].accessConfig (Optional): list (object)
networkInterface.[].accessConfig.[] (Optional): object
networkInterface.[].accessConfig.[].natIpRef (Optional): object
networkInterface.[].accessConfig.[].natIpRef.external (Optional): string. The address of a ComputeAddress.
networkInterface.[].accessConfig.[].natIpRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkInterface.[].accessConfig.[].natIpRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
networkInterface.[].accessConfig.[].networkTier (Optional): string
networkInterface.[].accessConfig.[].publicPtrDomainName (Optional): string
networkInterface.[].aliasIpRange (Optional): list (object)
networkInterface.[].aliasIpRange.[] (Optional): object
networkInterface.[].aliasIpRange.[].ipCidrRange (Required*): string
networkInterface.[].aliasIpRange.[].subnetworkRangeName (Optional): string
networkInterface.[].name (Optional): string
networkInterface.[].networkIp (Optional): string
networkInterface.[].networkRef (Optional): object
networkInterface.[].networkRef.external (Optional): string. The selfLink of a ComputeNetwork.
networkInterface.[].networkRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkInterface.[].networkRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
networkInterface.[].subnetworkProject (Optional): string
networkInterface.[].subnetworkRef (Optional): object
networkInterface.[].subnetworkRef.external (Optional): string. The selfLink of a ComputeSubnetwork.
networkInterface.[].subnetworkRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkInterface.[].subnetworkRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
region (Optional): string
scheduling (Optional): object
scheduling.automaticRestart (Optional): boolean
scheduling.nodeAffinities (Optional): list (object)
scheduling.nodeAffinities.[] (Optional): object
scheduling.nodeAffinities.[].value (Optional): object
scheduling.onHostMaintenance (Optional): string
scheduling.preemptible (Optional): boolean
serviceAccount (Optional): object
serviceAccount.scopes (Required*): list (string)
serviceAccount.scopes.[] (Required*): string
serviceAccount.serviceAccountRef (Optional): object
serviceAccount.serviceAccountRef.external (Optional): string. The email of an IAMServiceAccount.
serviceAccount.serviceAccountRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
serviceAccount.serviceAccountRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
shieldedInstanceConfig (Optional): object
shieldedInstanceConfig.enableIntegrityMonitoring (Optional): boolean
shieldedInstanceConfig.enableSecureBoot (Optional): boolean
shieldedInstanceConfig.enableVtpm (Optional): boolean
tags (Optional): list (string)
tags.[] (Optional): string

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
metadataFingerprint: string
selfLink: string
tagsFingerprint: string
Fields
conditions: list (object)
conditions.[]: object
conditions.[].lastTransitionTime: string. Last time the condition transitioned from one status to another.
conditions.[].message: string. Human-readable message indicating details about last transition.
conditions.[].reason: string. Unique, one-word, CamelCase reason for the condition's last transition.
conditions.[].status: string. Status is the status of the condition. Can be True, False, Unknown.
conditions.[].type: string. Type is the type of the condition.
metadataFingerprint: string
selfLink: string
tagsFingerprint: string

ComputeInterconnectAttachment

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.interconnectAttachments
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/interconnectAttachments
Config Connector Resource Short Names gcpcomputeinterconnectattachment
gcpcomputeinterconnectattachments
computeinterconnectattachment
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeinterconnectattachments.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInterconnectAttachment
metadata:
  name: computeinterconnectattachment-sample
spec:
  description: example interconnect attachment description
  interconnect: https://www.googleapis.com/compute/v1/projects/my-project/global/interconnects/my-interconnect
  adminEnabled: true
  bandwidth: BPS_50M
  type: DEDICATED
  candidateSubnets:
    - 169.254.0.0/16
  region: us-west1
  vlanTag8021q: 1024
  routerRef:
    name: computeinterconnectattachment-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computeinterconnectattachment-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computeinterconnectattachment-dep
spec:
  networkRef:
    name: computeinterconnectattachment-dep
  description: example router description
  region: us-west1

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
adminEnabled: boolean
bandwidth: string
candidateSubnets:
- string
description: string
edgeAvailabilityDomain: string
interconnect: string
region: string
routerRef:
  external: string
  name: string
  namespace: string
type: string
vlanTag8021q: integer
Fields
Name Description

adminEnabled (Optional): boolean. Whether the VLAN attachment is enabled or disabled. When using PARTNER type this will Pre-Activate the interconnect attachment.
bandwidth (Optional): string. Provisioned bandwidth capacity for the interconnect attachment. For attachments of type DEDICATED, the user can set the bandwidth. For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED. Defaults to BPS_10G. Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]
candidateSubnets (Optional): list (string)
candidateSubnets.[] (Optional): string
description (Optional): string. An optional description of this resource.
edgeAvailabilityDomain (Optional): string. Desired availability domain for the attachment. Only available for type PARTNER, at creation time. For improved reliability, customers should configure a pair of attachments with one per availability domain. The selected availability domain will be provided to the Partner via the pairing key so that the provisioned circuit will lie in the specified domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.
interconnect (Optional): string. URL of the underlying Interconnect object that this attachment's traffic will traverse through. Required if type is DEDICATED, must not be set if type is PARTNER.
region (Required): string. Region where the regional interconnect attachment resides.
routerRef (Required): object. The Cloud Router to be used for dynamic routing. This router must be in the same region as this ComputeInterconnectAttachment. The ComputeInterconnectAttachment will automatically connect the interconnect to the network & region within which the Cloud Router is configured.
routerRef.external (Optional): string. The name of a ComputeRouter.
routerRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
routerRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type (Optional): string. The type of InterconnectAttachment you wish to create. Defaults to DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]
vlanTag8021q (Optional): integer. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When using PARTNER type this will be managed upstream.

Status

Schema
cloudRouterIpAddress: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
customerRouterIpAddress: string
googleReferenceId: string
pairingKey: string
partnerAsn: string
privateInterconnectInfo:
  tag8021q: integer
selfLink: string
state: string
Fields
cloudRouterIpAddress: string. IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment.
conditions: list (object)
conditions.[]: object
conditions.[].lastTransitionTime: string. Last time the condition transitioned from one status to another.
conditions.[].message: string. Human-readable message indicating details about last transition.
conditions.[].reason: string. Unique, one-word, CamelCase reason for the condition's last transition.
conditions.[].status: string. Status is the status of the condition. Can be True, False, Unknown.
conditions.[].type: string. Type is the type of the condition.
creationTimestamp: string. Creation timestamp in RFC3339 text format.
customerRouterIpAddress: string. IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment.
googleReferenceId: string. Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues.
pairingKey: string. [Output only for type PARTNER. Not present for DEDICATED]. The opaque identifier of a PARTNER attachment used to initiate provisioning with a selected partner. Of the form "XXXXX/region/domain".
partnerAsn: string. [Output only for type PARTNER. Not present for DEDICATED]. Optional BGP ASN for the router that should be supplied by a layer 3 Partner if they configured BGP on behalf of the customer.
privateInterconnectInfo: object. Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED.
privateInterconnectInfo.tag8021q: integer. 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region.
selfLink: string
state: string. [Output Only] The current state of this attachment's functionality.

ComputeNetwork

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.networks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/networks
Config Connector Resource Short Names gcpcomputenetwork
gcpcomputenetworks
computenetwork
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computenetworks.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computenetwork-sample
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: true

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
autoCreateSubnetworks: boolean
deleteDefaultRoutesOnCreate: boolean
description: string
routingMode: string
Fields
Name Description

autoCreateSubnetworks (Optional): boolean. When set to 'true', the network is created in "auto subnet mode" and it will create a subnet for each region automatically across the '10.128.0.0/9' address range. When set to 'false', the network is created in "custom subnet mode" so the user can explicitly connect subnetwork resources.
deleteDefaultRoutesOnCreate (Optional): boolean
description (Optional): string. An optional description of this resource. The resource must be recreated to modify this field.
routingMode (Optional): string. The network-wide routing mode to use. If set to 'REGIONAL', this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to 'GLOBAL', this network's cloud routers will advertise routes with all subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
gatewayIpv4: string
selfLink: string
Fields
conditions: list (object)
conditions.[]: object
conditions.[].lastTransitionTime: string. Last time the condition transitioned from one status to another.
conditions.[].message: string. Human-readable message indicating details about last transition.
conditions.[].reason: string. Unique, one-word, CamelCase reason for the condition's last transition.
conditions.[].status: string. Status is the status of the condition. Can be True, False, Unknown.
conditions.[].type: string. Type is the type of the condition.
gatewayIpv4: string. The gateway address for default routing out of the network. This value is selected by GCP.
selfLink: string

ComputeNetworkEndpointGroup

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.networkEndpointGroups
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/networkEndpointGroups
Config Connector Resource Short Names gcpcomputenetworkendpointgroup
gcpcomputenetworkendpointgroups
computenetworkendpointgroup
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computenetworkendpointgroups.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computenetworkendpointgroup-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetworkEndpointGroup
metadata:
  name: computenetworkendpointgroup-sample
spec:
  networkRef:
    name: computenetworkendpointgroup-dep
  subnetworkRef:
    name: computenetworkendpointgroup-dep
  location: us-west1-a
  defaultPort: 90
  description: A network endpoint group living in a specific us-west1 subnetwork, whose member endpoints will serve on port number 90 by default.
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  name: computenetworkendpointgroup-dep
spec:
  ipCidrRange: 10.2.0.0/16
  region: us-west1
  networkRef:
    name: computenetworkendpointgroup-dep

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
defaultPort: integer
description: string
location: string
networkEndpointType: string
networkRef:
  external: string
  name: string
  namespace: string
subnetworkRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

defaultPort (Optional): integer. The default port used if the port number is not specified in the network endpoint.
description (Optional): string. An optional description of this resource. Provide this property when you create the resource.
location (Required): string. Location represents the geographical location of the ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)
networkEndpointType (Optional): string. Type of network endpoints in this network endpoint group. Default value: "GCE_VM_IP_PORT". Possible values: ["GCE_VM_IP_PORT"]
networkRef (Required): object. The network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified.
networkRef.external (Optional): string. The name of a ComputeNetwork.
networkRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
networkRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
subnetworkRef (Optional): object. Optional subnetwork to which all network endpoints in the NEG belong.
subnetworkRef.external (Optional): string. The name of a ComputeSubnetwork.
subnetworkRef.name (Optional): string. Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
subnetworkRef.namespace (Optional): string. Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
selfLink: string
size: integer
Fields
conditions: list (object)
conditions.[]: object
conditions.[].lastTransitionTime: string. Last time the condition transitioned from one status to another.
conditions.[].message: string. Human-readable message indicating details about last transition.
conditions.[].reason: string. Unique, one-word, CamelCase reason for the condition's last transition.
conditions.[].status: string. Status is the status of the condition. Can be True, False, Unknown.
conditions.[].type: string. Type is the type of the condition.
selfLink: string
size: integer. Number of network endpoints in the network endpoint group.

ComputeNetworkPeering

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.networks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/networks
Config Connector Resource Short Names gcpcomputenetworkpeering
gcpcomputenetworkpeerings
computenetworkpeering
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computenetworkpeerings.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computenetworkpeering-dep1
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computenetworkpeering-dep2
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetworkPeering
metadata:
  name: computenetworkpeering-sample1
spec:
  exportCustomRoutes: false
  importCustomRoutes: false
  networkRef:
    name: computenetworkpeering-dep1
  peerNetworkRef:
    name: computenetworkpeering-dep2
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetworkPeering
metadata:
  name: computenetworkpeering-sample2
spec:
  exportCustomRoutes: false
  importCustomRoutes: false
  networkRef:
    name: computenetworkpeering-dep2
  peerNetworkRef:
    name: computenetworkpeering-dep1

Custom Resource Definition Properties

Spec

Schema
exportCustomRoutes: boolean
importCustomRoutes: boolean
networkRef:
  external: string
  name: string
  namespace: string
peerNetworkRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

exportCustomRoutes

 

Optional

boolean

importCustomRoutes

 

Optional

boolean

networkRef

 

Required

object

networkRef.external

 

Optional

string

The selfLink of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

peerNetworkRef

 

Required

object

peerNetworkRef.external

 

Optional

string

The selfLink of a ComputeNetwork.

peerNetworkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

peerNetworkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
state: string
stateDetails: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

state

string

stateDetails

string

ComputeNodeGroup

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.nodeGroups
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/nodeGroups
Config Connector Resource Short Names gcpcomputenodegroup, gcpcomputenodegroups, computenodegroup
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computenodegroups.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNodeGroup
metadata:
  name: computenodegroup-sample
spec:
  description: A single sole-tenant node in the us-central1-b zone.
  size: 1
  nodeTemplateRef:
    name: computenodegroup-dep
  zone: us-central1-b
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNodeTemplate
metadata:
  name: computenodegroup-dep
spec:
  region: us-central1
  nodeType: n1-node-96-624

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
autoscalingPolicy:
  maxNodes: integer
  minNodes: integer
  mode: string
description: string
nodeTemplateRef:
  external: string
  name: string
  namespace: string
size: integer
zone: string
Fields
Name Description

autoscalingPolicy

 

Optional

object

If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups.

autoscalingPolicy.maxNodes

 

Optional

integer

Maximum size of the node group. Set to a value less than or equal to 100 and greater than or equal to min-nodes.

autoscalingPolicy.minNodes

 

Optional

integer

Minimum size of the node group. Must be less than or equal to max-nodes. The default value is 0.

autoscalingPolicy.mode

 

Optional

string

The autoscaling mode. Set to one of the following:
- OFF: Disables the autoscaler.
- ON: Enables scaling in and scaling out.
- ONLY_SCALE_OUT: Enables only scaling out. You must use this mode if your node groups are configured to restart their hosted VMs on minimal servers.
Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]

description

 

Optional

string

An optional textual description of the resource.

nodeTemplateRef

 

Required

object

The node template to which this node group belongs.

nodeTemplateRef.external

 

Optional

string

The selfLink of a ComputeNodeTemplate.

nodeTemplateRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nodeTemplateRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

size

 

Required

integer

The total number of nodes in the node group.

zone

 

Required

string

Zone where this node group is located.

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

selfLink

string

ComputeNodeTemplate

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.nodeTemplates
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/nodeTemplates
Config Connector Resource Short Names gcpcomputenodetemplate, gcpcomputenodetemplates, computenodetemplate
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computenodetemplates.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Flexible Node Template

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNodeTemplate
metadata:
  name: computenodetemplate-sample-flexible
  labels:
    memory_guarantee: "false"
    desired_workload: "high-cpu"
spec:
  description: Node template for sole tenant nodes running in us-central1, with 96vCPUs and any amount of memory on any machine type.
  region: us-central1
  nodeTypeFlexibility:
    cpus: "96"
    memory: any

Typed Node Template

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNodeTemplate
metadata:
  name: computenodetemplate-sample-template
  labels:
    memory_guarantee: "true"
    desired_workload: "sustained"
spec:
  description: Node template for sole tenant nodes running in us-central1, with 96vCPUs and 624GB of memory, on n1 machines.
  region: us-central1
  nodeType: n1-node-96-624

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
nodeType: string
nodeTypeFlexibility:
  cpus: string
  localSsd: string
  memory: string
region: string
serverBinding:
  type: string
Fields
Name Description

description

 

Optional

string

An optional textual description of the resource.

nodeType

 

Optional

string

Node type to use for node groups that are created from this template. Only one of nodeTypeFlexibility and nodeType can be specified.

nodeTypeFlexibility

 

Optional

object

Flexible properties for the desired node type. Node groups that use this node template will create nodes of a type that matches these properties. Only one of nodeTypeFlexibility and nodeType can be specified.

nodeTypeFlexibility.cpus

 

Optional

string

Number of virtual CPUs to use.

nodeTypeFlexibility.localSsd

 

Optional

string

Use local SSD

nodeTypeFlexibility.memory

 

Optional

string

Physical memory available to the node, defined in MB.

region

 

Required

string

Region where nodes using the node template will be created. If it is not provided, the provider region is used.

serverBinding

 

Optional

object

The server binding policy for nodes using this template. Determines where the nodes should restart following a maintenance event.

serverBinding.type

 

Required*

string

Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', nodes using this template will restart on any physical server following a maintenance event. If 'RESTART_NODE_ON_MINIMAL_SERVERS', nodes using this template will restart on the same physical server following a maintenance event, instead of being live migrated to or restarted on a new physical server. This option may be useful if you are using software licenses tied to the underlying server characteristics such as physical sockets or cores, to avoid the need for additional licenses when maintenance occurs. However, VMs on such nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

selfLink

string

ComputeReservation

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.reservations
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/reservations
Config Connector Resource Short Names gcpcomputereservation, gcpcomputereservations, computereservation
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computereservations.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Bulk Compute Reservation

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeReservation
metadata:
  name: computereservation-sample-bulk
spec:
  description: Reservation for 2 basic machines which will become generally available for VM instances to consume.
  zone: us-central1-a
  specificReservation:
    count: 2
    instanceProperties:
      machineType: n1-standard-1
      minCpuPlatform: "Intel Sandy Bridge"

Specialized Compute Reservation

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeReservation
metadata:
  name: computereservation-sample-specialized
spec:
  description: Reservation for a single tricked out machine that can only be consumed by a VM instance that references this reservation.
  zone: us-central1-a
  specificReservationRequired: true
  specificReservation:
    count: 1
    instanceProperties:
      machineType: n1-highmem-8
      minCpuPlatform: "Intel Skylake"
      guestAccelerators:
      - acceleratorCount: 1
        acceleratorType: nvidia-tesla-v100
      localSsds:
      - interface: NVME
        diskSizeGb: 375

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
specificReservation:
  count: integer
  inUseCount: integer
  instanceProperties:
    guestAccelerators:
    - acceleratorCount: integer
      acceleratorType: string
    localSsds:
    - diskSizeGb: integer
      interface: string
    machineType: string
    minCpuPlatform: string
specificReservationRequired: boolean
zone: string
Fields
Name Description

description

 

Optional

string

An optional description of this resource.

specificReservation

 

Required

object

Reservation for instances with specific machine shapes.

specificReservation.count

 

Required

integer

The number of resources that are allocated.

specificReservation.inUseCount

 

Optional

integer

How many instances are in use.

specificReservation.instanceProperties

 

Required

object

The instance properties for the reservation.

specificReservation.instanceProperties.guestAccelerators

 

Optional

list (object)

specificReservation.instanceProperties.guestAccelerators.[]

 

Optional

object

specificReservation.instanceProperties.guestAccelerators.[].acceleratorCount

 

Required*

integer

The number of the guest accelerator cards exposed to this instance.

specificReservation.instanceProperties.guestAccelerators.[].acceleratorType

 

Required*

string

The full or partial URL of the accelerator type to attach to this instance. For example: 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'. If you are creating an instance template, specify only the accelerator name.

specificReservation.instanceProperties.localSsds

 

Optional

list (object)

specificReservation.instanceProperties.localSsds.[]

 

Optional

object

specificReservation.instanceProperties.localSsds.[].diskSizeGb

 

Required*

integer

The size of the disk in base-2 GB.

specificReservation.instanceProperties.localSsds.[].interface

 

Optional

string

The disk interface to use for attaching this disk. Default value: "SCSI". Possible values: ["SCSI", "NVME"]

specificReservation.instanceProperties.machineType

 

Required

string

The name of the machine type to reserve.

specificReservation.instanceProperties.minCpuPlatform

 

Optional

string

The minimum CPU platform for the reservation. For example, "Intel Skylake". See the CPU platform availability reference (https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) for information on available CPU platforms.

specificReservationRequired

 

Optional

boolean

When set to true, only VMs that target this reservation by name can consume this reservation. Otherwise, it can be consumed by VMs with affinity for any reservation. Defaults to false.

zone

 

Required

string

The zone where the reservation is made.

* Field is required when parent field is specified

Status

Schema
commitment: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
status: string
Fields
commitment

string

Full or partial URL to a parent commitment. This field displays for reservations that are tied to a commitment.

conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

selfLink

string

status

string

The status of the reservation.

ComputeResourcePolicy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.resourcePolicies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/resourcePolicies
Config Connector Resource Short Name ComputeResourcePolicy
Config Connector Resource Fully Qualified Name computeresourcepolicies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Daily Resource Policy Schedule

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeResourcePolicy
metadata:
  name: computeresourcepolicy-sample-dailyschedule
spec:
  region: us-central1
  snapshotSchedulePolicy:
    schedule:
      dailySchedule:
        daysInCycle: 1
        startTime: "00:00"
    retentionPolicy:
      maxRetentionDays: 8
      onSourceDiskDelete: KEEP_AUTO_SNAPSHOTS
    snapshotProperties:
      storageLocations:
      - us-central1
      guestFlush: true
      labels:
        autodeleted: "false"
        interval: "daily"

Hourly Resource Policy Schedule

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeResourcePolicy
metadata:
  name: computeresourcepolicy-sample-hourlyschedule
spec:
  region: us-central1
  snapshotSchedulePolicy:
    schedule:
      hourlySchedule:
        hoursInCycle: 4
        startTime: "13:00"
    retentionPolicy:
      maxRetentionDays: 2
      onSourceDiskDelete: APPLY_RETENTION_POLICY
    snapshotProperties:
      labels:
        autodeleted: "true"
        interval: "hourly"

Weekly Resource Policy Schedule

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeResourcePolicy
metadata:
  name: computeresourcepolicy-sample-weeklyschedule
spec:
  region: us-central1
  snapshotSchedulePolicy:
    schedule:
      weeklySchedule:
        dayOfWeeks:
        - startTime: "08:00"
          day: MONDAY
        - startTime: "15:00"
          day: WEDNESDAY
        - startTime: "23:00"
          day: FRIDAY
    retentionPolicy:
      maxRetentionDays: 12
    snapshotProperties:
      storageLocations:
      - us
      guestFlush: false
      labels:
        autodeleted: "false"
        interval: "weekly"

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
groupPlacementPolicy:
  availabilityDomainCount: integer
  collocation: string
  vmCount: integer
region: string
snapshotSchedulePolicy:
  retentionPolicy:
    maxRetentionDays: integer
    onSourceDiskDelete: string
  schedule:
    dailySchedule:
      daysInCycle: integer
      startTime: string
    hourlySchedule:
      hoursInCycle: integer
      startTime: string
    weeklySchedule:
      dayOfWeeks:
      - day: string
        startTime: string
  snapshotProperties:
    guestFlush: boolean
    labels:
      string: string
    storageLocations:
    - string
Fields
Name Description

groupPlacementPolicy

 

Optional

object

Policy for creating snapshots of persistent disks.

groupPlacementPolicy.availabilityDomainCount

 

Optional

integer

The number of availability domains instances will be spread across. If two instances are in different availability domains, they will not be put in the same low-latency network.

groupPlacementPolicy.collocation

 

Optional

string

Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy attached. Possible values: ["COLLOCATED"]

groupPlacementPolicy.vmCount

 

Optional

integer

Number of VMs in this placement group.

region

 

Required

string

Region where resource policy resides.

snapshotSchedulePolicy

 

Optional

object

Policy for creating snapshots of persistent disks.

snapshotSchedulePolicy.retentionPolicy

 

Optional

object

Retention policy applied to snapshots created by this resource policy.

snapshotSchedulePolicy.retentionPolicy.maxRetentionDays

 

Required*

integer

Maximum age of the snapshot that is allowed to be kept.

snapshotSchedulePolicy.retentionPolicy.onSourceDiskDelete

 

Optional

string

Specifies the behavior to apply to scheduled snapshots when the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS". Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]

snapshotSchedulePolicy.schedule

 

Required*

object

Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.

snapshotSchedulePolicy.schedule.dailySchedule

 

Optional

object

The policy will execute every nth day at the specified time.

snapshotSchedulePolicy.schedule.dailySchedule.daysInCycle

 

Required*

integer

The number of days between snapshots.

snapshotSchedulePolicy.schedule.dailySchedule.startTime

 

Required*

string

This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.

snapshotSchedulePolicy.schedule.hourlySchedule

 

Optional

object

The policy will execute every nth hour starting at the specified time.

snapshotSchedulePolicy.schedule.hourlySchedule.hoursInCycle

 

Required*

integer

The number of hours between snapshots.

snapshotSchedulePolicy.schedule.hourlySchedule.startTime

 

Required*

string

Time within the window to start the operations. It must be in an hourly format "HH:MM", where HH : [00-23] and MM : [00] GMT, e.g. 21:00.

snapshotSchedulePolicy.schedule.weeklySchedule

 

Optional

object

Allows specifying a snapshot time for each day of the week.

snapshotSchedulePolicy.schedule.weeklySchedule.dayOfWeeks

 

Required*

list (object)

snapshotSchedulePolicy.schedule.weeklySchedule.dayOfWeeks.[]

 

Required*

object

snapshotSchedulePolicy.schedule.weeklySchedule.dayOfWeeks.[].day

 

Required*

string

The day of the week to create the snapshot, e.g. MONDAY. Possible values: ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]

snapshotSchedulePolicy.schedule.weeklySchedule.dayOfWeeks.[].startTime

 

Required*

string

Time within the window to start the operations. It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT.

snapshotSchedulePolicy.snapshotProperties

 

Optional

object

Properties with which the snapshots are created, such as labels.

snapshotSchedulePolicy.snapshotProperties.guestFlush

 

Optional

boolean

Whether to perform a 'guest aware' snapshot.

snapshotSchedulePolicy.snapshotProperties.labels

 

Optional

map (key: string, value: string)

A set of key-value pairs.

snapshotSchedulePolicy.snapshotProperties.storageLocations

 

Optional

list (string)

snapshotSchedulePolicy.snapshotProperties.storageLocations.[]

 

Optional

string

* Field is required when parent field is specified
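
The field tables for ComputeNodeTemplate, ComputeNodeGroup and ComputeResourcePolicy state constraints (mutually exclusive fields, enumerated values, "required when parent is specified") that a reviewer can check before a manifest is applied. The following is an added example, not part of the Config Connector documentation or code: the function names are hypothetical, and manifests are assumed to be already parsed from YAML into dicts.

```python
# Added example (not Config Connector code): lint manifests, already parsed into
# dicts, against constraints stated in the field tables. Helper names are hypothetical.
import re

AUTOSCALING_MODES = {"OFF", "ON", "ONLY_SCALE_OUT"}
SERVER_BINDING_TYPES = {"RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"}
ON_SOURCE_DISK_DELETE = {"KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"}
SCHEDULE_KINDS = ("hourlySchedule", "dailySchedule", "weeklySchedule")
ON_THE_HOUR = re.compile(r"^([01][0-9]|2[0-3]):00$")  # "HH:MM" with MM fixed at 00


def _missing(obj, required, prefix=""):
    """Report required keys that are absent from obj."""
    return [f"{prefix}{key} is required" for key in required if key not in obj]


def lint_node_template(spec):
    errors = _missing(spec, ["region"])
    if "nodeType" in spec and "nodeTypeFlexibility" in spec:
        errors.append("only one of nodeType and nodeTypeFlexibility can be specified")
    binding = spec.get("serverBinding")
    if binding is not None:  # type is required once the parent is present
        errors += _missing(binding, ["type"], "serverBinding.")
        if "type" in binding and binding["type"] not in SERVER_BINDING_TYPES:
            errors.append(f"serverBinding.type {binding['type']!r} is not a possible value")
    return errors


def lint_node_group(spec):
    errors = _missing(spec, ["nodeTemplateRef", "size", "zone"])
    policy = spec.get("autoscalingPolicy")
    if policy is not None:
        min_nodes = policy.get("minNodes", 0)  # documented default is 0
        max_nodes = policy.get("maxNodes")
        if max_nodes is not None and not (min_nodes <= max_nodes <= 100):
            errors.append("autoscalingPolicy.maxNodes must be <= 100 and >= minNodes")
        if "mode" in policy and policy["mode"] not in AUTOSCALING_MODES:
            errors.append(f"autoscalingPolicy.mode {policy['mode']!r} is not a possible value")
    return errors


def lint_resource_policy(spec):
    errors = _missing(spec, ["region"])
    snap = spec.get("snapshotSchedulePolicy")
    if snap is None:
        return errors
    errors += _missing(snap, ["schedule"], "snapshotSchedulePolicy.")
    schedule = snap.get("schedule", {})
    chosen = [kind for kind in SCHEDULE_KINDS if kind in schedule]
    # Assumption: "contains one of" is read as exactly one schedule kind.
    if "schedule" in snap and len(chosen) != 1:
        errors.append(f"schedule must contain exactly one schedule kind, found {chosen}")
    hourly = schedule.get("hourlySchedule")
    if hourly is not None:
        errors += _missing(hourly, ["hoursInCycle", "startTime"], "hourlySchedule.")
        if "startTime" in hourly and not ON_THE_HOUR.match(str(hourly["startTime"])):
            errors.append("hourlySchedule.startTime must be HH:00")
    retention = snap.get("retentionPolicy")
    if retention is not None:
        errors += _missing(retention, ["maxRetentionDays"], "retentionPolicy.")
        on_delete = retention.get("onSourceDiskDelete", "KEEP_AUTO_SNAPSHOTS")
        if on_delete not in ON_SOURCE_DISK_DELETE:
            errors.append(f"onSourceDiskDelete {on_delete!r} is not a possible value")
    return errors


LINTERS = {"ComputeNodeTemplate": lint_node_template, "ComputeNodeGroup": lint_node_group,
           "ComputeResourcePolicy": lint_resource_policy}


def lint(manifest):
    check = LINTERS.get(manifest.get("kind"))
    if check is None:  # kinds without a linter produce no findings
        return []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    return [f"{manifest['kind']}/{name}: {err}" for err in check(manifest.get("spec", {}))]


# The page's hourly schedule sample, transcribed as a dict.
PAGE_HOURLY_SAMPLE = {
    "kind": "ComputeResourcePolicy",
    "metadata": {"name": "computeresourcepolicy-sample-hourlyschedule"},
    "spec": {"region": "us-central1", "snapshotSchedulePolicy": {
        "schedule": {"hourlySchedule": {"hoursInCycle": 4, "startTime": "13:00"}},
        "retentionPolicy": {"maxRetentionDays": 2, "onSourceDiskDelete": "APPLY_RETENTION_POLICY"},
        "snapshotProperties": {"labels": {"autodeleted": "true", "interval": "hourly"}}}},
}
# Constructed manifest that breaks two documented constraints.
BAD_TEMPLATE = {
    "kind": "ComputeNodeTemplate", "metadata": {"name": "bad-template"},
    "spec": {"region": "us-central1", "nodeType": "n1-node-96-624",
             "nodeTypeFlexibility": {"cpus": "96"},
             "serverBinding": {"type": "RESTART_NODE_ON_MINIMAL_SERVER"}},
}

if __name__ == "__main__":
    for manifest in (PAGE_HOURLY_SAMPLE, BAD_TEMPLATE):
        print(manifest["metadata"]["name"], lint(manifest) or "ok")
```
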

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

selfLink

string

ComputeRoute

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.routes
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/routes
Config Connector Resource Short Names gcpcomputeroute, gcpcomputeroutes, computeroute
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeroutes.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computeroute-dep
  annotations:
    cnrm.cloud.google.com/deletion-policy: "abandon"
spec:
  description: Default network for the project
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRoute
metadata:
  name: computeroute-sample
spec:
  description: "A sample compute route"
  destRange: 0.0.0.0/0
  networkRef:
    name: computeroute-dep
  priority: 100
  nextHopIp: 10.132.1.5

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
destRange: string
networkRef:
  external: string
  name: string
  namespace: string
nextHopGateway: string
nextHopILBRef:
  external: string
  name: string
  namespace: string
nextHopInstanceRef:
  external: string
  name: string
  namespace: string
nextHopIp: string
nextHopVPNTunnelRef:
  external: string
  name: string
  namespace: string
priority: integer
tags:
- string

Fields
Name Description

description

 

Optional

string

An optional description of this resource. Provide this property when you create the resource.

destRange

 

Required

string

The destination range of outgoing packets that this route applies to. Only IPv4 is supported.

networkRef

 

Required

object

The network that this route applies to.

networkRef.external

 

Optional

string

The name of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

nextHopGateway

 

Optional

string

URL to a gateway that should handle matching packets. Currently, you can only specify the internet gateway, using a full or partial valid URL:
* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'
* 'projects/project/global/gateways/default-internet-gateway'
* 'global/gateways/default-internet-gateway'
* The string 'default-internet-gateway'.

nextHopILBRef

 

Optional

object

A forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets. Note that this can only be used when the destinationRange is a public (non-RFC 1918) IP CIDR range.

nextHopILBRef.external

 

Optional

string

The selfLink of a ComputeForwardingRule.

nextHopILBRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nextHopILBRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

nextHopInstanceRef

 

Optional

object

Instance that should handle matching packets.

nextHopInstanceRef.external

 

Optional

string

The selfLink of a ComputeInstance.

nextHopInstanceRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nextHopInstanceRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

nextHopIp

 

Optional

string

Network IP address of an instance that should handle matching packets.

nextHopVPNTunnelRef

 

Optional

object

The ComputeVPNTunnel that should handle matching packets.

nextHopVPNTunnelRef.external

 

Optional

string

The selfLink of a ComputeVPNTunnel.

nextHopVPNTunnelRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nextHopVPNTunnelRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

priority

 

Optional

integer

The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.

tags

 

Optional

list (string)

tags.[]

 

Optional

string
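
The priority rule described above decides which next hop actually receives traffic when several ComputeRoute objects overlap, so it is worth evaluating before applying a manifest. The following is an added example, not part of the Config Connector documentation: it assumes all routes belong to the same network, that the most specific (longest) destRange is chosen before priority is compared as the priority description implies, and every route name other than computeroute-sample is constructed for illustration.

```python
import ipaddress

DEFAULT_PRIORITY = 1000  # default stated in the priority field description
NEXT_HOP_FIELDS = (
    "nextHopGateway", "nextHopILBRef", "nextHopInstanceRef",
    "nextHopIp", "nextHopVPNTunnelRef",
)

# ComputeRoute specs keyed by metadata.name. Only "computeroute-sample" is
# taken from the sample YAML; the other entries are constructed.
ROUTES = {
    "computeroute-sample": {
        "destRange": "0.0.0.0/0", "priority": 100, "nextHopIp": "10.132.1.5",
    },
    "default-egress": {  # constructed: priority omitted, so 1000 applies
        "destRange": "0.0.0.0/0", "nextHopGateway": "default-internet-gateway",
    },
    "onprem-vpn": {  # constructed: narrower range, numerically higher priority
        "destRange": "10.20.0.0/16", "priority": 2000,
        "nextHopVPNTunnelRef": {"name": "example-tunnel"},
    },
    "bad-v6": {  # constructed: rejected because only IPv4 is supported
        "destRange": "2001:db8::/32", "nextHopIp": "10.132.1.9",
    },
}


def validate_spec(spec):
    """Return a list of problems with one ComputeRoute spec (empty if none)."""
    problems = []
    try:
        net = ipaddress.ip_network(spec["destRange"], strict=False)
        if net.version != 4:
            problems.append("destRange must be IPv4")
    except (KeyError, ValueError) as exc:
        problems.append(f"destRange missing or invalid: {exc}")
    prio = spec.get("priority", DEFAULT_PRIORITY)
    if not isinstance(prio, int) or not 0 <= prio <= 65535:
        problems.append("priority must be an integer in 0..65535")
    return problems


def next_hops(spec):
    """Return (field, value) pairs for every next-hop field set on the spec."""
    return [(field, spec[field]) for field in NEXT_HOP_FIELDS if field in spec]


def winning_routes(routes, destination):
    """Return the names of the routes that carry traffic to `destination`.

    Invalid specs are skipped. Among matching routes the longest destRange
    wins; among equal prefix lengths the lowest priority value wins. Routes
    that tie on both are all returned, sorted by name, so the ambiguity is
    visible to the reviewer.
    """
    addr = ipaddress.ip_address(destination)
    candidates = []
    for name, spec in routes.items():
        if validate_spec(spec):
            continue
        net = ipaddress.ip_network(spec["destRange"], strict=False)
        if addr in net:
            prio = spec.get("priority", DEFAULT_PRIORITY)
            candidates.append((net.prefixlen, prio, name))
    if not candidates:
        return []
    best_len = max(c[0] for c in candidates)
    same_len = [c for c in candidates if c[0] == best_len]
    best_prio = min(c[1] for c in same_len)
    return sorted(name for _, prio, name in same_len if prio == best_prio)


def steering_report(routes, destinations):
    """Map each destination to the winning route names and their next hops."""
    report = {}
    for dest in destinations:
        winners = winning_routes(routes, dest)
        report[dest] = [(name, next_hops(routes[name])) for name in winners]
    return report


if __name__ == "__main__":
    for dest, winners in steering_report(ROUTES, ["203.0.113.10", "10.20.3.4"]).items():
        print(dest, "->", winners)
    for name, spec in ROUTES.items():
        for problem in validate_spec(spec):
            print(f"{name}: {problem}")
```

With these inputs the sample route (priority 100) takes all internet-bound traffic away from the priority-1000 gateway route, while the /16 route still wins for its own range despite its priority of 2000.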

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
nextHopNetwork: string
selfLink: string

Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

nextHopNetwork

string

URL to a Network that should handle matching packets.

selfLink

string

ComputeRouter

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.routers
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/routers
Config Connector Resource Short Names gcpcomputerouter, gcpcomputerouters, computerouter
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computerouters.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouter-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computerouter-sample
spec:
  networkRef:
    name: computerouter-dep
  description: example router description
  region: us-west1
  bgp:
    asn: 64514
    advertiseMode: CUSTOM
    advertisedGroups:
      - ALL_SUBNETS
    advertisedIpRanges:
      - range: "1.2.3.4"

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
bgp:
  advertiseMode: string
  advertisedGroups:
  - string
  advertisedIpRanges:
  - description: string
    range: string
  asn: integer
description: string
networkRef:
  external: string
  name: string
  namespace: string
region: string

Fields
Name Description

bgp

 

Optional

object

BGP information specific to this router.

bgp.advertiseMode

 

Optional

string

User-specified flag to indicate which mode to use for advertisement. Default value: "DEFAULT". Possible values: ["DEFAULT", "CUSTOM"]

bgp.advertisedGroups

 

Optional

list (string)

bgp.advertisedGroups.[]

 

Optional

string

bgp.advertisedIpRanges

 

Optional

list (object)

bgp.advertisedIpRanges.[]

 

Optional

object

bgp.advertisedIpRanges.[].description

 

Optional

string

User-specified description for the IP range.

bgp.advertisedIpRanges.[].range

 

Required*

string

The IP range to advertise. The value must be a CIDR-formatted string.

bgp.asn

 

Required*

integer

Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.

description

 

Optional

string

An optional description of this resource.

networkRef

 

Required

object

A reference to the network to which this router belongs.

networkRef.external

 

Optional

string

The name of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

region

 

Required

string

Region where the router resides.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string

Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

selfLink

string

ComputeRouterInterface

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.routers
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/routers
Config Connector Resource Short Names gcpcomputerouterinterface, gcpcomputerouterinterfaces, computerouterinterface
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computerouterinterfaces.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computerouterinterface-dep
  labels:
    label-one: "value-one"
spec:
  location: us-central1
  description: "a test regional address"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computerouterinterface-dep1
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computerouterinterface-dep
  ipProtocol: "ESP"
  location: us-central1
  ipAddress:
    addressRef:
      name: computerouterinterface-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computerouterinterface-dep2
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computerouterinterface-dep
  ipProtocol: "UDP"
  portRange: "500"
  location: us-central1
  ipAddress:
    addressRef:
      name: computerouterinterface-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  labels:
    label-one: "value-one"
  name: computerouterinterface-dep3
spec:
  description: "A regional forwarding rule"
  target:
    targetVPNGatewayRef:
      name: computerouterinterface-dep
  ipProtocol: "UDP"
  portRange: "4500"
  location: us-central1
  ipAddress:
    addressRef:
      name: computerouterinterface-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouterinterface-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computerouterinterface-dep
spec:
  networkRef:
    name: computerouterinterface-dep
  description: example router description
  region: us-central1
  bgp:
    asn: 64514
    advertiseMode: CUSTOM
    advertisedGroups:
      - ALL_SUBNETS
    advertisedIpRanges:
      - range: "1.2.3.4"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouterInterface
metadata:
  name: computerouterinterface-sample
spec:
  routerRef:
    name: computerouterinterface-dep
  region: us-central1
  ipRange: "169.254.1.1/30"
  vpnTunnelRef:
    name: computerouterinterface-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetVPNGateway
metadata:
  name: computerouterinterface-dep
spec:
  description: a test target vpn gateway
  region: us-central1
  networkRef:
    name: computerouterinterface-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeVPNTunnel
metadata:
  name: computerouterinterface-dep
  labels:
    foo: bar
spec:
  peerIp: "15.0.0.120"
  region: us-central1
  sharedSecret:
    valueFrom:
      secretKeyRef:
        name: computerouterinterface-dep
        key: sharedSecret
  targetVPNGatewayRef:
    name: computerouterinterface-dep
  localTrafficSelector:
   - "192.168.0.0/16"
---
apiVersion: v1
kind: Secret
metadata:
  name: computerouterinterface-dep
stringData:
  sharedSecret: "a secret message"

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
interconnectAttachmentRef:
  external: string
  name: string
  namespace: string
ipRange: string
region: string
routerRef:
  external: string
  name: string
  namespace: string
vpnTunnelRef:
  external: string
  name: string
  namespace: string

Fields
Name Description

interconnectAttachmentRef

 

Optional

object

interconnectAttachmentRef.external

 

Optional

string

The name of a ComputeInterconnectAttachment.

interconnectAttachmentRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

interconnectAttachmentRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

ipRange

 

Optional

string

region

 

Required

string

routerRef

 

Required

object

routerRef.external

 

Optional

string

The name of a ComputeRouter.

routerRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

routerRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

vpnTunnelRef

 

Optional

object

vpnTunnelRef.external

 

Optional

string

The name of a ComputeVPNTunnel.

vpnTunnelRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

vpnTunnelRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string

Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

ComputeRouterNAT

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.routers
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/routers
Config Connector Resource Short Names gcpcomputerouternat, gcpcomputerouternats, computerouternat
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computerouternats.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Router Nat For All Subnets

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouternat-dep-forallsubnets
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computerouternat-dep-forallsubnets
spec:
  description: example router description
  region: us-west1
  networkRef:
    name: computerouternat-dep-forallsubnets
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouterNAT
metadata:
  name: computerouternat-sample-forallsubnets
spec:
  region: us-west1
  routerRef:
    name: computerouternat-dep-forallsubnets
  natIpAllocateOption: AUTO_ONLY
  sourceSubnetworkIpRangesToNat: ALL_SUBNETWORKS_ALL_IP_RANGES

Router Nat For List Of Subnets

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouternat-dep-forlistofsubnets
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computerouternat-dep-forlistofsubnets
spec:
  description: example router description
  region: us-west1
  networkRef:
    name: computerouternat-dep-forlistofsubnets
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouterNAT
metadata:
  name: computerouternat-sample-forlistofsubnets
spec:
  region: us-west1
  natIpAllocateOption: AUTO_ONLY
  routerRef:
    name: computerouternat-dep-forlistofsubnets
  sourceSubnetworkIpRangesToNat: LIST_OF_SUBNETWORKS
  subnetwork:
  - subnetworkRef:
      name: computerouternat-dep-forlistofsubnets
    sourceIpRangesToNat:
    - ALL_IP_RANGES
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouternat-dep-forlistofsubnets
spec:
  description: My subnet
  ipCidrRange: 10.1.0.0/16
  region: us-west1
  networkRef:
    name: computerouternat-dep-forlistofsubnets

Router Nat With Manual Nat Ips

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: computerouternat-dep-withmanualnatips
spec:
  location: us-west1
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouternat-dep-withmanualnatips
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computerouternat-dep-withmanualnatips
spec:
  description: example router description
  region: us-west1
  networkRef:
    name: computerouternat-dep-withmanualnatips
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouterNAT
metadata:
  name: computerouternat-sample-withmanualnatips
spec:
  region: us-west1
  routerRef:
    name: computerouternat-dep-withmanualnatips
  natIpAllocateOption: MANUAL_ONLY
  natIps:
  - name: computerouternat-dep-withmanualnatips
  sourceSubnetworkIpRangesToNat: ALL_SUBNETWORKS_ALL_IP_RANGES

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
drainNatIps:
- external: string
  name: string
  namespace: string
icmpIdleTimeoutSec: integer
logConfig:
  enable: boolean
  filter: string
minPortsPerVm: integer
natIpAllocateOption: string
natIps:
- external: string
  name: string
  namespace: string
region: string
routerRef:
  external: string
  name: string
  namespace: string
sourceSubnetworkIpRangesToNat: string
subnetwork:
- secondaryIpRangeNames:
  - string
  sourceIpRangesToNat:
  - string
  subnetworkRef:
    external: string
    name: string
    namespace: string
tcpEstablishedIdleTimeoutSec: integer
tcpTransitoryIdleTimeoutSec: integer
udpIdleTimeoutSec: integer

Fields
Name Description

drainNatIps

 

Optional

list (object)

A list of IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.

drainNatIps.[]

 

Optional

object

A list of IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.

drainNatIps.[].external

 

Optional

string

The selfLink of a ComputeAddress.

drainNatIps.[].name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

drainNatIps.[].namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

icmpIdleTimeoutSec

 

Optional

integer

Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.

logConfig

 

Optional

object

Configuration for logging on NAT.

logConfig.enable

 

Required*

boolean

Indicates whether or not to export logs.

logConfig.filter

 

Required*

string

Specifies the desired filtering of logs on this NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"]

minPortsPerVm

 

Optional

integer

Minimum number of ports allocated to a VM from this NAT.

natIpAllocateOption

 

Required

string

How external IPs should be allocated for this NAT. Valid values are 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]

natIps

 

Optional

list (object)

NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.

natIps.[]

 

Optional

object

NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.

natIps.[].external

 

Optional

string

The selfLink of a ComputeAddress.

natIps.[].name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

natIps.[].namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

region

 

Required

string

Region where the router and NAT reside.

routerRef

 

Required

object

The Cloud Router in which this NAT will be configured.

routerRef.external

 

Optional

string

The name of a ComputeRouter.

routerRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

routerRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceSubnetworkIpRangesToNat

 

Required

string

How NAT should be configured per Subnetwork. If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the IP ranges in every Subnetwork are allowed to NAT. If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP ranges in every Subnetwork are allowed to NAT. If 'LIST_OF_SUBNETWORKS', a list of Subnetworks is allowed to NAT (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]

subnetwork

 

Optional

list (object)

subnetwork.[]

 

Optional

object

subnetwork.[].secondaryIpRangeNames

 

Optional

list (string)

subnetwork.[].secondaryIpRangeNames.[]

 

Optional

string

subnetwork.[].sourceIpRangesToNat

 

Required*

list (string)

subnetwork.[].sourceIpRangesToNat.[]

 

Required*

string

subnetwork.[].subnetworkRef

 

Required*

object

The subnetwork to NAT.

subnetwork.[].subnetworkRef.external

 

Optional

string

The selfLink of a ComputeSubnetwork.

subnetwork.[].subnetworkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

subnetwork.[].subnetworkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

tcpEstablishedIdleTimeoutSec

 

Optional

integer

Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.

tcpTransitoryIdleTimeoutSec

 

Optional

integer

Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.

udpIdleTimeoutSec

 

Optional

integer

Timeout (in seconds) for UDP connections. Defaults to 30s if not set.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

ComputeRouterPeer

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.routers
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/routers
Config Connector Resource Short Names gcpcomputerouterpeer, gcpcomputerouterpeers, computerouterpeer
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computerouterpeers.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  labels:
    label-one: "value-one"
  name: computerouterpeer-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouter
metadata:
  name: computerouterpeer-dep
spec:
  networkRef:
    name: computerouterpeer-dep
  description: example router description
  region: us-central1
  bgp:
    asn: 64514
    advertiseMode: CUSTOM
    advertisedGroups:
      - ALL_SUBNETS
    advertisedIpRanges:
      - range: "1.2.3.4"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouterInterface
metadata:
  name: computerouterpeer-dep
spec:
  routerRef:
    name: computerouterpeer-dep
  region: us-central1
  ipRange: "169.254.0.1/30"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRouterPeer
metadata:
  name: computerouterpeer-sample
spec:
  region: us-central1
  peerIpAddress: "169.254.0.2"
  peerAsn: 65513
  advertisedRoutePriority: 1
  routerRef:
    name: computerouterpeer-dep
  routerInterfaceRef:
    name: computerouterpeer-dep

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
advertiseMode: string
advertisedGroups:
- string
advertisedIpRanges:
- description: string
  range: string
advertisedRoutePriority: integer
peerAsn: integer
peerIpAddress: string
region: string
routerInterfaceRef:
  external: string
  name: string
  namespace: string
routerRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

advertiseMode

 

Optional

string

User-specified flag to indicate which mode to use for advertisement. Valid values of this enum field are: 'DEFAULT', 'CUSTOM'. Default value: "DEFAULT". Possible values: ["DEFAULT", "CUSTOM"]

advertisedGroups

 

Optional

list (string)

advertisedGroups.[]

 

Optional

string

advertisedIpRanges

 

Optional

list (object)

advertisedIpRanges.[]

 

Optional

object

advertisedIpRanges.[].description

 

Optional

string

User-specified description for the IP range.

advertisedIpRanges.[].range

 

Required*

string

The IP range to advertise. The value must be a CIDR-formatted string.

advertisedRoutePriority

 

Optional

integer

The priority of routes advertised to this BGP peer. Where there is more than one matching route of maximum length, the routes with the lowest priority value win.

peerAsn

 

Required

integer

Peer BGP Autonomous System Number (ASN). Each BGP interface may use a different value.

peerIpAddress

 

Required

string

IP address of the BGP interface outside Google Cloud Platform. Only IPv4 is supported.

region

 

Required

string

Region where the router and BgpPeer reside. If it is not provided, the provider region is used.

routerInterfaceRef

 

Required

object

The interface the BGP peer is associated with.

routerInterfaceRef.external

 

Optional

string

The name of a ComputeRouterInterface.

routerInterfaceRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

routerInterfaceRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

routerRef

 

Required

object

The Cloud Router in which this BGP peer will be configured.

routerRef.external

 

Optional

string

The name of a ComputeRouter.

routerRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

routerRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
ipAddress: string
managementType: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

ipAddress

string

IP address of the interface inside Google Cloud Platform. Only IPv4 is supported.

managementType

string

The resource that configures and manages this BGP peer.
* 'MANAGED_BY_USER' is the default value and can be managed by you or other users.
* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and managed by Cloud Interconnect, specifically by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of BGP peer when the PARTNER InterconnectAttachment is created, updated, or deleted.

ComputeSecurityPolicy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.securityPolicies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/securityPolicies
Config Connector Resource Short Names gcpcomputesecuritypolicy, gcpcomputesecuritypolicies, computesecuritypolicy
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesecuritypolicies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Lockdown Security Policy With Test

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSecurityPolicy
metadata:
  name: computesecuritypolicy-sample-lockdownwithtest
spec:
  description: A policy designed to completely lock down network access while testing the effect of opening ports over a few select ranges.
  rule:
  - action: deny(403)
    priority: 2147483647
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - "*"
    description: Rule matching all IPs with priority 2147483647, set to deny.
  - action: allow
    preview: true
    priority: 1000000000
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - 16.0.0.0/4
        - 115.128.0.0/9
        - 62.48.212.0/24
    description: Tests opening listed IP ranges. Logs sent to Stackdriver.

Multirule Security Policy

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSecurityPolicy
metadata:
  name: computesecuritypolicy-sample-multirule
spec:
  description: A generally permissive policy that locks out a large block of untrusted IPs, except for some allowed trusted IP ranges within them, and never allows IPs from a blacklist.
  rule:
  - action: allow
    priority: 2147483647
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - "*"
    description: This rule must be included in any rule array. Action can change.
  - action: deny(502)
    priority: 111111111
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - 60.0.0.0/6
    description: Untrusted range. Block IPs and return 502.
  - action: allow
    priority: 555
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - 63.0.0.0/8
        - 61.128.0.0/10
    description: Even though they're in an untrusted block, these ranges are OK.
  - action: deny(403)
    priority: 0
    match:
      versionedExpr: SRC_IPS_V1
      config:
        srcIpRanges:
        - 145.4.56.4/30
        - 63.63.63.63/32
        - 4.5.4.0/24
    description: Never allow these blacklisted IP ranges.

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
rule:
- action: string
  description: string
  match:
    config:
      srcIpRanges:
      - string
    expr:
      expression: string
    versionedExpr: string
  preview: boolean
  priority: integer
Fields
Name Description

description

 

Optional

string

rule

 

Optional

list (object)

rule.[]

 

Optional

object

rule.[].action

 

Required*

string

rule.[].description

 

Optional

string

rule.[].match

 

Required*

object

rule.[].match.config

 

Optional

object

rule.[].match.config.srcIpRanges

 

Required*

list (string)

rule.[].match.config.srcIpRanges.[]

 

Required*

string

rule.[].match.expr

 

Optional

object

rule.[].match.expr.expression

 

Required*

string

rule.[].match.versionedExpr

 

Optional

string

rule.[].preview

 

Optional

boolean

rule.[].priority

 

Required*

integer

* Field is required when parent field is specified
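
The schema leaves rule.[].priority and rule.[].preview undescribed, so the following added example (not part of the Config Connector documentation) models how the two sample policies above resolve for a client address. It assumes Cloud Armor's rule semantics: the lowest priority number is evaluated first, the first enforced match decides, and a preview rule is logged but not enforced. The helper names and the MISORDERED policy are constructed for illustration.

```python
import ipaddress

# Rules copied from the two sample policies on this page, as
# (priority, action, preview, srcIpRanges) tuples.
LOCKDOWN_WITH_TEST = [
    (2147483647, "deny(403)", False, ["*"]),
    (1000000000, "allow", True,
     ["16.0.0.0/4", "115.128.0.0/9", "62.48.212.0/24"]),
]
MULTIRULE = [
    (2147483647, "allow", False, ["*"]),
    (111111111, "deny(502)", False, ["60.0.0.0/6"]),
    (555, "allow", False, ["63.0.0.0/8", "61.128.0.0/10"]),
    (0, "deny(403)", False,
     ["145.4.56.4/30", "63.63.63.63/32", "4.5.4.0/24"]),
]
# Constructed variant: the broad deny now outranks the narrower allow.
MISORDERED = [
    (2147483647, "allow", False, ["*"]),
    (100, "deny(502)", False, ["60.0.0.0/6"]),
    (555, "allow", False, ["63.0.0.0/8", "61.128.0.0/10"]),
]


def _networks(ranges):
    """Expand srcIpRanges into network objects; "*" means every address."""
    nets = []
    for r in ranges:
        if r == "*":
            nets += [ipaddress.ip_network("0.0.0.0/0"),
                     ipaddress.ip_network("::/0")]
        else:
            nets.append(ipaddress.ip_network(r))
    return nets


def evaluate(rules, source_ip):
    """Return (enforced_action, enforced_priority, preview_hits).

    Simplified model (assumption): rules are walked in ascending priority
    number, a matching preview rule is only recorded, and the first
    matching enforced rule ends the walk.
    """
    ip = ipaddress.ip_address(source_ip)
    preview_hits = []
    for priority, action, preview, ranges in sorted(rules, key=lambda r: r[0]):
        if not any(ip in net for net in _networks(ranges)):
            continue
        if preview:
            preview_hits.append((priority, action))
            continue
        return action, priority, preview_hits
    raise ValueError("no enforced rule matched; the policy lacks a catch-all")


def unreachable_ranges(rules):
    """List (priority, range, covering_range) for ranges that can never
    decide a request because an earlier enforced rule already covers them."""
    findings = []
    earlier = []  # networks of enforced rules evaluated before this one
    for priority, action, preview, ranges in sorted(rules, key=lambda r: r[0]):
        for net in _networks(ranges):
            cover = next((e for e in earlier
                          if e.version == net.version and net.subnet_of(e)),
                         None)
            if cover is not None:
                findings.append((priority, str(net), str(cover)))
        if not preview:
            earlier += _networks(ranges)
    return findings


if __name__ == "__main__":
    for ip in ("63.63.63.63", "63.1.2.3", "60.1.2.3", "203.0.113.7"):
        print("multirule", ip, evaluate(MULTIRULE, ip))
    print("lockdown", "16.1.2.3", evaluate(LOCKDOWN_WITH_TEST, "16.1.2.3"))
    print("misordered", unreachable_ranges(MISORDERED))
```

Running unreachable_ranges over a policy before applying it catches the case where a broad deny or allow silently overrides a narrower exception.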

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
fingerprint: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

fingerprint

string

selfLink

string

ComputeSharedVPCHostProject

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.projects.enableXpnHost
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/projects/enableXpnHost
Config Connector Resource Short Names gcpcomputesharedvpchostproject, gcpcomputesharedvpchostprojects, computesharedvpchostproject
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesharedvpchostprojects.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This resource will enable the project this namespace is bound to as a Shared
# VPC host. You should only create one of these resources per project. If you
# have multiple namespaces mapping to the same project, ensure that only one
# ComputeSharedVPCHostProject resource exists across these namespaces.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSharedVPCHostProject
metadata:
  name: computesharedvpchostproject-sample

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
ComputeSharedVPCHostProject has an empty Spec
Fields
Name Description

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

ComputeSharedVPCServiceProject

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.projects.enableXpnResource
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/projects/enableXpnResource
Config Connector Resource Short Names gcpcomputesharedvpcserviceproject, gcpcomputesharedvpcserviceprojects, computesharedvpcserviceproject
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesharedvpcserviceprojects.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This resource will enable the project this namespace is bound to as a Shared
# VPC host. You should only create one of these resources per project. If you
# have multiple namespaces mapping to the same project, ensure that only one
# ComputeSharedVPCHostProject resource exists across these namespaces.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSharedVPCHostProject
metadata:
  name: computesharedvpchostproject-sample
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSharedVPCServiceProject
metadata:
  name: computesharedvpcserviceproject-sample
spec:
  projectRef:
    name: sharedvpc-service-project-dep
---
apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
kind: Project
metadata:
  annotations:
    # Replace "${FOLDER_ID?}" with the numeric ID for your folder
    cnrm.cloud.google.com/folder-id: "${FOLDER_ID?}"
  labels:
    label-one: "value-one"
  name: sharedvpc-service-project-dep
spec:
  name: Config Connector Sample
  billingAccountRef:
    # Replace "${BILLING_ACCOUNT_ID?}" with the numeric ID for your billing account
    external: "${BILLING_ACCOUNT_ID?}"

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
projectRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

projectRef

 

Required

object

projectRef.external

 

Optional

string

The name of a Project.

projectRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

ComputeSnapshot

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.snapshots
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/snapshots
Config Connector Resource Short Names gcpcomputesnapshot, gcpcomputesnapshots, computesnapshot
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesnapshots.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeDisk
metadata:
  name: computesnapshot-dep
spec:
  location: us-west1-c
  diskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computesnapshot-dep
          key: sourceDiskEncryptionKey
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSnapshot
metadata:
  name: computesnapshot-sample
  labels:
    label-one: "value-one"
spec:
  description: "ComputeSnapshot Sample"
  zone: us-west1-c
  sourceDiskRef:
    name: computesnapshot-dep
  snapshotEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computesnapshot-dep
          key: snapshotEncryptionKey
  sourceDiskEncryptionKey:
    rawKey:
      valueFrom:
        secretKeyRef:
          name: computesnapshot-dep
          key: sourceDiskEncryptionKey
---
apiVersion: v1
kind: Secret
metadata:
  name: computesnapshot-dep
stringData:
  snapshotEncryptionKey: a2NjIGlzIGF3ZXNvbWUgeW91IHNob3VsZCB0cnkgaXQ=
  sourceDiskEncryptionKey: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
snapshotEncryptionKey:
  rawKey:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
  sha256: string
sourceDiskEncryptionKey:
  rawKey:
    value: string
    valueFrom:
      secretKeyRef:
        key: string
        name: string
sourceDiskRef:
  external: string
  name: string
  namespace: string
zone: string
Fields
Name Description

description

 

Optional

string

An optional description of this resource.

snapshotEncryptionKey

 

Optional

object

The customer-supplied encryption key of the snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.

snapshotEncryptionKey.rawKey

 

Required*

object

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

snapshotEncryptionKey.rawKey.value

 

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

snapshotEncryptionKey.rawKey.valueFrom

 

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

snapshotEncryptionKey.rawKey.valueFrom.secretKeyRef

 

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

snapshotEncryptionKey.rawKey.valueFrom.secretKeyRef.key

 

Required*

string

Key that identifies the value to be extracted.

snapshotEncryptionKey.rawKey.valueFrom.secretKeyRef.name

 

Required*

string

Name of the Secret to extract a value from.

snapshotEncryptionKey.sha256

 

Optional

string

The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

sourceDiskEncryptionKey

 

Optional

object

The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.

sourceDiskEncryptionKey.rawKey

 

Optional

object

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

sourceDiskEncryptionKey.rawKey.value

 

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

sourceDiskEncryptionKey.rawKey.valueFrom

 

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

sourceDiskEncryptionKey.rawKey.valueFrom.secretKeyRef

 

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

sourceDiskEncryptionKey.rawKey.valueFrom.secretKeyRef.key

 

Required*

string

Key that identifies the value to be extracted.

sourceDiskEncryptionKey.rawKey.valueFrom.secretKeyRef.name

 

Required*

string

Name of the Secret to extract a value from.

sourceDiskRef

 

Required

object

A reference to the disk used to create this snapshot.

sourceDiskRef.external

 

Optional

string

The name of a ComputeDisk.

sourceDiskRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sourceDiskRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

zone

 

Optional

string

A reference to the zone where the disk is hosted.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
diskSizeGb: integer
labelFingerprint: string
licenses:
- string
selfLink: string
snapshotId: integer
sourceDiskLink: string
storageBytes: integer
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

diskSizeGb

integer

Size of the snapshot, specified in GB.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

licenses

list (string)

licenses.[]

string

selfLink

string

snapshotId

integer

The unique identifier for the resource.

sourceDiskLink

string

storageBytes

integer

The size of the storage used by the snapshot. Because snapshots share storage, this number is expected to change as snapshots are created and deleted.

ComputeSSLCertificate

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.sslCertificates
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/sslCertificates
Config Connector Resource Short Names gcpcomputesslcertificate, gcpcomputesslcertificates, computesslcertificate
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesslcertificates.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLCertificate
metadata:
  name: computesslcertificate-sample
spec:
  location: global
  description: example compute SSL certificate
  certificate:
    valueFrom:
      secretKeyRef:
        name: computesslcertificate-dep
        key: certificate
  privateKey:
    valueFrom:
      secretKeyRef:
        name: computesslcertificate-dep
        key: privateKey
---

apiVersion: v1
kind: Secret
metadata:
  name: computesslcertificate-dep
stringData:
  certificate: |
    -----BEGIN CERTIFICATE-----
    MIIDJTCCAg0CFHdD3ZGYMCmF3O4PvMwsP5i8d/V0MA0GCSqGSIb3DQEBCwUAME8x
    CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
    Z2l0cyBQdHkgTHRkMRAwDgYDVQQDDAdFeGFtcGxlMB4XDTE5MDkyOTIyMjgyOVoX
    DTIwMDkyODIyMjgyOVowTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMSEwHwYD
    VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB0V4YW1wbGUw
    ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLvOZIail12i6NXIqOspV
    corkuS1Nl0ayrl0VuKHCvheun/s7lLLgEfifzRueYlSUtdGg4atWIwEKsbIE+AF9
    uUTzkq/t6zHxFAAWgVZ6/hW696jqcZX3yU+LCuHPLSN0ruqD6ZygnYDVciDmYwxe
    601xNfOOYRlm6dGRx6uTxGDZtfu8zsaNI0UxTugTp2x5cKB66SbgdlIJvc2Hb54a
    7qOsb9CIf+rrK2xUdJUj4ueUEIMxjnY2u/Dc71SgfBVn+yFfN9MHNdcTWPXEUClE
    Fxd/MB3dGn7hVavXyvy3NT4tWhBgYBphfEUudDFej5MmVq56JOEQ2UtaQ+Imscud
    AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAMYTQyjVlo6TCYoyK6akjPX7vRiwCCAh
    jqsEu3bZqwUreOhZgRAyEXrq68dtXwTbwdisQmnhpBeBQuX4WWeas9TiycZ13TA1
    Z+h518D9OVXjrNs7oE3QNFeTom807IW16YydlrZMLKO8mQg6/BXfSHbLwuQHSIYS
    JD+uOfnkr08ORBbLGgBKKpy7ngflIkdSrQPmCYmYlvoy+goMAEVi0K3Y1wVzAF4k
    O4v8f7GXkNarsFT1QM82JboVV5uwX+uDmi858WKDHYGv2Ypv6yy93vdV0Xt/IBj3
    95/RDisBzcL7Ynpl34AAr5MLm7yCSsPrAmgevX4BOtcVc4rSXj5rcoE=
    -----END CERTIFICATE-----
  privateKey: |
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpQIBAAKCAQEA1i7zmSGopddoujVyKjrKVXKK5LktTZdGsq5dFbihwr4Xrp/7
    O5Sy4BH4n80bnmJUlLXRoOGrViMBCrGyBPgBfblE85Kv7esx8RQAFoFWev4Vuveo
    6nGV98lPiwrhzy0jdK7qg+mcoJ2A1XIg5mMMXutNcTXzjmEZZunRkcerk8Rg2bX7
    vM7GjSNFMU7oE6dseXCgeukm4HZSCb3Nh2+eGu6jrG/QiH/q6ytsVHSVI+LnlBCD
    MY52Nrvw3O9UoHwVZ/shXzfTBzXXE1j1xFApRBcXfzAd3Rp+4VWr18r8tzU+LVoQ
    YGAaYXxFLnQxXo+TJlaueiThENlLWkPiJrHLnQIDAQABAoIBAQDMo/WZlQBG3Cay
    64fV83AI7jTozkkLvoMNC+3iaBMeN3P3I+HuDmhOEL2lKVq/HKJFp+bPuW50EWPY
    bOlzN+Zs0kygEMJJJxQDjCF9XzxarVPj3OcmgTpRkqWOaupPgYhD3zAws080YuiK
    h84Jcg+KzXWjunGn0vxrSPI0QDueJR2i03tEDBAtMZ0pvAsJ0gmXRdzGOc2uRzDm
    fbS3y/JIufClO28OzjJ5AJkbc9XgRDeCDOFY2D375bCg2boPYmP7Iw0HVU3RQhcr
    t+US27VQBRJF4cQ2CCyr0ZbdaPn41v+/A/qxF6ZPguyy+KoyQjCqK8iFArRQ48hJ
    cR2pFx4hAoGBAP2uXIJAdAemrOunv2CWlUHI2iHj/kJ1AXRMpiT+eF0US9E6tipE
    mL63HkUhiAs2nJnPi3RDxP+kAO2Z3anqjm1KCeGj+IYYZMavnkC8EVybv9lDwORy
    e2O1bfRc/tGa341KmvXLbp8oVMIYIvKz2cZmHGJ4V4DTq8dTvmqoE4/VAoGBANgk
    KWY5MJToZJJ5bV0mc2stmGt/IAZZPlKjVmKOjDyzqHRLAhsmbMyUhhgZtyj0dzSW
    ILEeaEJknYRrOB48D6IqkB8VnFJyHUG8l+Za41adqRQNid0S5n50/+eYbjZpYCrA
    SGmC2dhPZvRD6tOyEEJF5PZMvqxDcNRilc627HipAoGBAKzqrSQbyvtsIXKAZXLx
    McwlnIp9XlLubo9Xr+iHjIPl0chMvN8S4wscxwVYVeNO1nABiI03pJCcugU7XFz2
    BR952EJ2AnFlL0w/aR+3Eh6OC7eM927Amlrc0JZAzXESoE8vC3F/uWfDlgK3cRr+
    fPM/pxl37i1iGzVDYAhTiQIBAoGAPW25nmXumsOZoc+E945wCywAP7z3mxZOEip9
    6LDexnnBDJws0w6OqW4k1kCov6kLIBTy4aPkucniwrm+T0l+n/Y807jOntfz3LT+
    7ucx6XIRlbNrVTuD6rjR6j52RFyaikvvyJz50PJwLkgHO3dGC6/VrPKO1mKsdJA4
    R3HRr1ECgYEAobNQbQSLrSWZ1cozJbmNgRqqvxDNSEDi8LpXukOAw4pz1km7o3ob
    hCy1ksfFzsp5glYqwZd/Bahk64u3mII+rKoYwYLrH2l2aFDmMbdTfQUycpQZyi3+
    VtGS1PFoKx9fSFDNHhR5ZhfasQcuKHYfeFfO2/DoOxQkNCI1y4I2huo=
    -----END RSA PRIVATE KEY-----

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
certificate:
  value: string
  valueFrom:
    secretKeyRef:
      key: string
      name: string
description: string
location: string
privateKey:
  value: string
  valueFrom:
    secretKeyRef:
      key: string
      name: string
Fields
Name Description

certificate

 

Required

object

The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

certificate.value

 

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

certificate.valueFrom

 

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

certificate.valueFrom.secretKeyRef

 

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

certificate.valueFrom.secretKeyRef.key

 

Required*

string

Key that identifies the value to be extracted.

certificate.valueFrom.secretKeyRef.name

 

Required*

string

Name of the Secret to extract a value from.

description

 

Optional

string

An optional description of this resource.

location

 

Required

string

Location represents the geographical location of the ComputeSSLCertificate. Specify "global" for global resources.

privateKey

 

Required

object

The write-only private key in PEM format.

privateKey.value

 

Optional

string

Value of the field. Cannot be used if 'valueFrom' is specified.

privateKey.valueFrom

 

Optional

object

Source for the field's value. Cannot be used if 'value' is specified.

privateKey.valueFrom.secretKeyRef

 

Optional

object

Reference to a value with the given key in the given Secret in the resource's namespace.

privateKey.valueFrom.secretKeyRef.key

 

Required*

string

Key that identifies the value to be extracted.

privateKey.valueFrom.secretKeyRef.name

 

Required*

string

Name of the Secret to extract a value from.

* Field is required when parent field is specified
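
The value/valueFrom rule shared by the rawKey and privateKey fields above, written as an added lint (not Config Connector's own code): it flags secrets inlined in a manifest and incomplete secretKeyRef objects, and checks that a rawKey decodes to 256 bits. The function names and sample manifests are constructed for illustration, and hashing the decoded key bytes to obtain the sha256 field is an assumption.

```python
import base64
import binascii
import hashlib

# Fields documented on this page that hold secret material as a
# value/valueFrom object. 'certificate' is public, so it is not listed.
SECRET_FIELDS = {"rawKey", "privateKey"}

# Constructed manifests (as parsed dicts). The first mirrors the page's sample.
CERT_FROM_SECRET = {"kind": "ComputeSSLCertificate", "spec": {
    "location": "global",
    "certificate": {"valueFrom": {"secretKeyRef": {
        "name": "computesslcertificate-dep", "key": "certificate"}}},
    "privateKey": {"valueFrom": {"secretKeyRef": {
        "name": "computesslcertificate-dep", "key": "privateKey"}}}}}
CERT_INLINE = {"kind": "ComputeSSLCertificate", "spec": {
    "location": "global",
    "certificate": {"value": "<PEM certificate placeholder>"},
    "privateKey": {"value": "<PEM private key placeholder>"}}}
SNAPSHOT_BAD = {"kind": "ComputeSnapshot", "spec": {
    "snapshotEncryptionKey": {"rawKey": {
        "value": "<base64 key placeholder>",
        "valueFrom": {"secretKeyRef": {"name": "csek", "key": "snapshot"}}}},
    "sourceDiskEncryptionKey": {"rawKey": {
        "valueFrom": {"secretKeyRef": {"name": "csek"}}}}}}


def check_secret_field(path, field):
    """Return findings for one value/valueFrom object."""
    findings = []
    has_value, has_ref = "value" in field, "valueFrom" in field
    if has_value and has_ref:
        findings.append(f"{path}: 'value' and 'valueFrom' are both set")
    elif has_value:
        findings.append(f"{path}.value: secret is inlined in the manifest")
    elif has_ref:
        ref = (field["valueFrom"] or {}).get("secretKeyRef") or {}
        for sub in ("key", "name"):  # both are Required* on this page
            if not ref.get(sub):
                findings.append(
                    f"{path}.valueFrom.secretKeyRef.{sub}: required field is missing")
    else:
        findings.append(f"{path}: neither 'value' nor 'valueFrom' is set")
    return findings


def lint_node(node, path):
    """Walk a spec and check every secret-bearing field found in it."""
    findings = []
    if isinstance(node, dict):
        for name, child in node.items():
            child_path = f"{path}.{name}"
            if name in SECRET_FIELDS and isinstance(child, dict):
                findings += check_secret_field(child_path, child)
            else:
                findings += lint_node(child, child_path)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            findings += lint_node(child, f"{path}[{index}]")
    return findings


def lint_manifest(manifest):
    return lint_node(manifest.get("spec") or {}, "spec")


def csek_sha256(raw_key_b64):
    """Validate a rawKey value and return the matching sha256 field value.

    Assumption: the hash is taken over the decoded 32 key bytes.
    """
    try:
        key = base64.b64decode(raw_key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"rawKey is not valid RFC 4648 base64: {exc}") from exc
    if len(key) != 32:
        raise ValueError(f"rawKey decodes to {len(key) * 8} bits, expected 256")
    return base64.b64encode(hashlib.sha256(key).digest()).decode("ascii")


if __name__ == "__main__":
    for sample in (CERT_FROM_SECRET, CERT_INLINE, SNAPSHOT_BAD):
        print(sample["kind"], lint_manifest(sample) or "ok")
```
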

Status

Schema
certificateId: integer
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
certificateId

integer

The unique identifier for the resource.

conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

selfLink

string

ComputeSSLPolicy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.sslPolicies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/sslPolicies
Config Connector Resource Short Names gcpcomputesslpolicy, gcpcomputesslpolicies, computesslpolicy
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesslpolicies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Custom TLS 1.0 SSL Policy

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLPolicy
metadata:
  name: computesslpolicy-sample-customtls10
spec:
  description: An SSL Policy with a CUSTOM encryption profile, supporting a custom set of ciphers for TLS 1.0 and up.
  profile: CUSTOM
  customFeatures:
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_AES_256_GCM_SHA384
    - TLS_RSA_WITH_AES_256_CBC_SHA

Modern TLS 1.1 SSL Policy

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLPolicy
metadata:
  name: computesslpolicy-sample-moderntls11
spec:
  description: An SSL Policy with a MODERN encryption profile, supporting several modern methods of encryption for TLS 1.1 and up.
  minTlsVersion: TLS_1_1
  profile: MODERN

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
customFeatures:
- string
description: string
minTlsVersion: string
profile: string
Fields
Name Description

customFeatures

 

Optional

list (string)

customFeatures.[]

 

Optional

string

description

 

Optional

string

An optional description of this resource.

minTlsVersion

 

Optional

string

The minimum version of the SSL protocol that clients can use to establish a connection with the load balancer. Default value: "TLS_1_0". Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]

profile

 

Optional

string

Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. If 'CUSTOM' is used, the set of SSL features to enable must be specified in the 'customFeatures' field. See the official documentation (https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) for information on what cipher suites each profile provides. Default value: "COMPATIBLE". Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]
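
An added audit for the minTlsVersion, profile and customFeatures fields described above (not part of the Config Connector documentation or code): it resolves the documented defaults, then reports policies that fall below a TLS floor or enable weak cipher suites. The TLS_1_2 floor, the weakness rules and the function names are this example's assumptions; the input is constructed and mirrors this page's ComputeSSLPolicy samples.

```python
import json

TLS_VERSIONS = ["TLS_1_0", "TLS_1_1", "TLS_1_2"]  # documented values, weakest first
DEFAULT_MIN_TLS = "TLS_1_0"     # documented default for minTlsVersion
DEFAULT_PROFILE = "COMPATIBLE"  # documented default for profile

# Constructed input shaped like `kubectl get computesslpolicies -o json`.
# The first three specs mirror samples on this page; the last two are invented.
SAMPLE_LIST = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "computesslpolicy-sample-customtls10"},
     "spec": {"profile": "CUSTOM", "customFeatures": [
         "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
         "TLS_RSA_WITH_AES_256_GCM_SHA384",
         "TLS_RSA_WITH_AES_256_CBC_SHA"]}},
    {"metadata": {"name": "computesslpolicy-sample-moderntls11"},
     "spec": {"minTlsVersion": "TLS_1_1", "profile": "MODERN"}},
    {"metadata": {"name": "computetargethttpsproxy-dep"}},  # no spec: all defaults
    {"metadata": {"name": "constructed-restricted"},
     "spec": {"minTlsVersion": "TLS_1_2", "profile": "RESTRICTED"}},
    {"metadata": {"name": "constructed-custom-empty"},
     "spec": {"minTlsVersion": "TLS_1_2", "profile": "CUSTOM"}},
]})


def suite_weaknesses(suite):
    """Return the reasons this example treats a cipher suite name as weak."""
    reasons = []
    if suite.startswith("TLS_RSA_WITH_"):
        reasons.append("static RSA key exchange, no forward secrecy")
    if "_CBC_" in suite:
        reasons.append("CBC mode")
    if "3DES" in suite:
        reasons.append("3DES")
    return reasons


def audit_policy(policy, floor="TLS_1_2"):
    """Return findings for one ComputeSSLPolicy object."""
    spec = policy.get("spec") or {}
    findings = []

    # An omitted minTlsVersion is not "unset": it resolves to the default.
    min_tls = spec.get("minTlsVersion", DEFAULT_MIN_TLS)
    origin = "set" if "minTlsVersion" in spec else "defaulted"
    if min_tls not in TLS_VERSIONS:
        findings.append(f"minTlsVersion {min_tls!r} is not a documented value")
    elif TLS_VERSIONS.index(min_tls) < TLS_VERSIONS.index(floor):
        findings.append(f"minTlsVersion {min_tls} ({origin}) is below {floor}")

    profile = spec.get("profile", DEFAULT_PROFILE)
    features = spec.get("customFeatures") or []
    if profile == "CUSTOM":
        if not features:
            findings.append("profile CUSTOM requires customFeatures")
        for suite in features:
            reasons = suite_weaknesses(suite)
            if reasons:
                findings.append(f"{suite}: {'; '.join(reasons)}")
    elif profile == "COMPATIBLE":
        origin = "set" if "profile" in spec else "defaulted"
        findings.append(f"profile COMPATIBLE ({origin}): pick a stricter profile")
    return findings


def audit_list(list_json, floor="TLS_1_2"):
    """Map each policy name in a kubectl-style List to its findings."""
    items = json.loads(list_json).get("items", [])
    return {p["metadata"]["name"]: audit_policy(p, floor) for p in items}


if __name__ == "__main__":
    for name, findings in audit_list(SAMPLE_LIST).items():
        print(name, findings or "ok")
```
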

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
enabledFeatures:
- string
fingerprint: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

enabledFeatures

list (string)

enabledFeatures.[]

string

fingerprint

string

Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.

selfLink

string

ComputeSubnetwork

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.subnetworks
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/subnetworks
Config Connector Resource Short Names gcpcomputesubnetwork, gcpcomputesubnetworks, computesubnetwork
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computesubnetworks.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
Supports IAM Conditions Yes
IAM External Reference Format

projects/{{project}}/regions/{{region}}/subnetworks/{{name}}

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computesubnetwork-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  labels:
    label-one: "value-one"
  name: computesubnetwork-sample
spec:
  ipCidrRange: 10.2.0.0/16
  region: us-central1
  description: My subnet
  enableFlowLogs: true
  privateIpGoogleAccess: false
  networkRef:
    name: computesubnetwork-dep
  logConfig:
    aggregationInterval: INTERVAL_10_MIN
    flowSampling: 0.5
    metadata: INCLUDE_ALL_METADATA

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
ipCidrRange: string
logConfig:
  aggregationInterval: string
  flowSampling: float
  metadata: string
networkRef:
  external: string
  name: string
  namespace: string
privateIpGoogleAccess: boolean
purpose: string
region: string
role: string
secondaryIpRange:
- ipCidrRange: string
  rangeName: string
Fields
Name Description

description

 

Optional

string

An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time.

ipCidrRange

 

Required

string

The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported.

logConfig

 

Optional

object

Denotes the logging options for the subnetwork flow logs. If logging is enabled, logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'.

logConfig.aggregationInterval

 

Optional

string

Can only be specified if VPC flow logging for this subnetwork is enabled. Sets the aggregation interval for collecting flow logs. Increasing the interval reduces the number of flow logs generated for long-lasting connections. Default value: "INTERVAL_5_SEC" (an interval of 5 seconds per connection). Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]

logConfig.flowSampling

 

Optional

float

Can only be specified if VPC flow logging for this subnetwork is enabled. Sets the sampling rate of VPC flow logs within the subnetwork. The value must be in [0, 1], where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5, which means half of all collected logs are reported.

logConfig.metadata

 

Optional

string

Can only be specified if VPC flow logging for this subnetwork is enabled. Configures whether metadata fields should be added to the reported VPC flow logs. Default value: "INCLUDE_ALL_METADATA". Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA"]

networkRef

 

Required

object

The network this subnet belongs to. Only networks that are in the distributed mode can have subnetworks.

networkRef.external

 

Optional

string

The name of a ComputeNetwork.

networkRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

privateIpGoogleAccess

 

Optional

boolean

When enabled, VMs in this subnetwork without external IP addresses can access Google APIs and services by using Private Google Access.

purpose

 

Optional

string

The purpose of the resource. This field can be either PRIVATE or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE. If set to INTERNAL_HTTPS_LOAD_BALANCER, you must also set the role. Possible values: ["INTERNAL_HTTPS_LOAD_BALANCER", "PRIVATE"]

region

 

Required

string

URL of the GCP region for this subnetwork.

role

 

Optional

string

The role of the subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]

secondaryIpRange

 

Optional

list (object)

secondaryIpRange.[]

 

Optional

object

secondaryIpRange.[].ipCidrRange

 

Required*

string

The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported.

secondaryIpRange.[].rangeName

 

Required*

string

The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.

* Field is required when parent field is specified

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
fingerprint: string
gatewayAddress: string
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

fingerprint

string

DEPRECATED — This field is not useful for users, and has been removed as an output. Fingerprint of this resource. This field is used internally during updates of this resource.

gatewayAddress

string

The gateway address for default routes to reach destination addresses outside this subnetwork.

selfLink

string

ComputeTargetHTTPProxy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetHttpProxies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetHttpProxies
Config Connector Resource Short Names gcpcomputetargethttpproxy, gcpcomputetargethttpproxies, computetargethttpproxy
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargethttpproxies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computetargethttpproxy-dep
spec:
  healthChecks:
    - healthCheckRef:
        name: computetargethttpproxy-dep
  location: global
---

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computetargethttpproxy-dep
spec:
  checkIntervalSec: 10
  httpHealthCheck:
    port: 80
  location: global
---

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetHTTPProxy
metadata:
  name: computetargethttpproxy-sample
spec:
  description: "A sample proxy"
  urlMapRef:
    name: computetargethttpproxy-dep
  location: global
---

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
  name: computetargethttpproxy-dep
spec:
  defaultService:
    backendServiceRef:
      name: computetargethttpproxy-dep
  location: global

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
location: string
urlMapRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

description

 

Optional

string

An optional description of this resource.

location

 

Required

string

Location represents the geographical location of the ComputeTargetHTTPProxy. Specify "global" for global resources.

urlMapRef

 

Required

object

A reference to the ComputeURLMap resource that defines the mapping from URL to the BackendService.

urlMapRef.external

 

Optional

string

The selfLink of a ComputeURLMap.

urlMapRef.name

 

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

urlMapRef.namespace

 

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
proxyId: integer
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

proxyId

integer

The unique identifier for the resource.

selfLink

string

ComputeTargetHTTPSProxy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetHttpsProxies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetHttpsProxies
Config Connector Resource Short Names gcpcomputetargethttpsproxy, gcpcomputetargethttpsproxies, computetargethttpsproxy
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargethttpsproxies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computetargethttpsproxy-dep
spec:
  healthChecks:
    - healthCheckRef:
        name: computetargethttpsproxy-dep
  location: global
---

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computetargethttpsproxy-dep
spec:
  checkIntervalSec: 10
  httpHealthCheck:
    port: 80
  location: global
---

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLCertificate
metadata:
  name: computetargethttpsproxy-dep
spec:
  location: global
  certificate:
    valueFrom:
      secretKeyRef:
        name: computetargethttpsproxy-dep
        key: certificate
  privateKey:
    valueFrom:
      secretKeyRef:
        name: computetargethttpsproxy-dep
        key: privateKey
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLPolicy
metadata:
  name: computetargethttpsproxy-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetHTTPSProxy
metadata:
  name: computetargethttpsproxy-sample
spec:
  description: "A sample proxy"
  urlMapRef:
    name: computetargethttpsproxy-dep
  sslCertificates:
    - name: computetargethttpsproxy-dep
  sslPolicyRef:
    name: computetargethttpsproxy-dep
  quicOverride: ENABLE
  location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
  name: computetargethttpsproxy-dep
spec:
  defaultService:
    backendServiceRef:
      name: computetargethttpsproxy-dep
  location: global
---
apiVersion: v1
kind: Secret
metadata:
  name: computetargethttpsproxy-dep
stringData:
  certificate: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  privateKey: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
location: string
quicOverride: string
sslCertificates:
- external: string
  name: string
  namespace: string
sslPolicyRef:
  external: string
  name: string
  namespace: string
urlMapRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

description
Optional
string
An optional description of this resource.

location
Required
string
Location represents the geographical location of the ComputeTargetHTTPSProxy. Specify "global" for global resources.

quicOverride
Optional
string
Specifies the QUIC override policy for this resource. This determines whether the load balancer will attempt to negotiate QUIC with clients or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is specified, uses the QUIC policy with no user overrides, which is equivalent to DISABLE. Default value: "NONE". Possible values: ["NONE", "ENABLE", "DISABLE"].

sslCertificates
Required
list (object)
A list of ComputeSSLCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified.

sslCertificates.[]
Required
object
A list of ComputeSSLCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified.

sslCertificates.[].external
Optional
string
The selfLink of a ComputeSSLCertificate.

sslCertificates.[].name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sslCertificates.[].namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sslPolicyRef
Optional
object
A reference to the ComputeSSLPolicy resource that will be associated with the ComputeTargetHTTPSProxy resource. If not set, the ComputeTargetHTTPSProxy resource will not have any SSL policy configured.

sslPolicyRef.external
Optional
string
The selfLink of a ComputeSSLPolicy.

sslPolicyRef.name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sslPolicyRef.namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

urlMapRef
Required
object
A reference to the ComputeURLMap resource that defines the mapping from URL to the BackendService.

urlMapRef.external
Optional
string
The selfLink of a ComputeURLMap.

urlMapRef.name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

urlMapRef.namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
proxyId: integer
selfLink: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

proxyId
integer
The unique identifier for the resource.

selfLink
string
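
A lint pass over the ComputeTargetHTTPSProxy schema and sample above, as an added example (not Config Connector's own code): it checks the required fields and the quicOverride values, then follows each name reference from the proxy, and from its certificate to the Secret, through the manifest set. The manifests are constructed dicts that mirror the sample with key material replaced by placeholders; the rule that a reference sets exactly one of name or external, and the "default" namespace fallback, are assumptions.

```python
"""Lint a ComputeTargetHTTPSProxy and the resources it references."""

QUIC_OVERRIDE_VALUES = {"NONE", "ENABLE", "DISABLE"}  # from the quicOverride field


def build_index(manifests):
    """Map (kind, namespace, name) to each manifest for local lookups."""
    return {(m["kind"], m["metadata"].get("namespace", "default"),
             m["metadata"]["name"]): m for m in manifests}


def resolve_ref(ref, kind, path, owner_ns, index, findings):
    """Validate one reference object; return the referent when it is local."""
    if not isinstance(ref, dict) or ("name" in ref) == ("external" in ref):
        # Assumption: a reference carries either name or external, not both.
        findings.append(("error", path, "set exactly one of name or external"))
        return None
    if "external" in ref:
        return None  # a selfLink points outside the manifest set
    ns = ref.get("namespace", owner_ns)
    target = index.get((kind, ns, ref["name"]))
    if target is None:
        findings.append(("error", path,
                         f"no {kind} {ref['name']!r} in namespace {ns!r}"))
    return target


def check_secret_refs(cert, index, findings):
    """Follow a ComputeSSLCertificate's secretKeyRef entries to the Secret."""
    ns = cert["metadata"].get("namespace", "default")
    for field in ("certificate", "privateKey"):
        path = f"ComputeSSLCertificate/{cert['metadata']['name']}: spec.{field}"
        source = cert.get("spec", {}).get(field, {}).get("valueFrom", {})
        ref = source.get("secretKeyRef")
        if ref is None:
            continue  # no secretKeyRef on this field, nothing to resolve
        secret = index.get(("Secret", ns, ref.get("name")))
        if secret is None:
            findings.append(("error", path, f"Secret {ref.get('name')!r} not found"))
        elif ref.get("key") not in {**secret.get("stringData", {}),
                                    **secret.get("data", {})}:
            findings.append(("error", path, f"Secret has no key {ref.get('key')!r}"))


def lint_https_proxy(proxy, manifests):
    """Return (severity, path, message) findings for one proxy manifest."""
    findings, index = [], build_index(manifests)
    ns = proxy["metadata"].get("namespace", "default")
    spec = proxy.get("spec", {})
    if not spec.get("location"):
        findings.append(("error", "spec.location", "required field is missing"))
    quic = spec.get("quicOverride", "NONE")
    if quic not in QUIC_OVERRIDE_VALUES:
        findings.append(("error", "spec.quicOverride",
                         f"{quic!r} is not one of {sorted(QUIC_OVERRIDE_VALUES)}"))
    if "urlMapRef" not in spec:
        findings.append(("error", "spec.urlMapRef", "required field is missing"))
    else:
        resolve_ref(spec["urlMapRef"], "ComputeURLMap", "spec.urlMapRef",
                    ns, index, findings)
    certs = spec.get("sslCertificates") or []
    if not certs:
        findings.append(("error", "spec.sslCertificates",
                         "at least one SSL certificate must be specified"))
    for i, ref in enumerate(certs):
        cert = resolve_ref(ref, "ComputeSSLCertificate",
                           f"spec.sslCertificates[{i}]", ns, index, findings)
        if cert is not None:
            check_secret_refs(cert, index, findings)
    if "sslPolicyRef" not in spec:
        findings.append(("warn", "spec.sslPolicyRef",
                         "not set: the proxy will not have any SSL policy configured"))
    else:
        resolve_ref(spec["sslPolicyRef"], "ComputeSSLPolicy", "spec.sslPolicyRef",
                    ns, index, findings)
    return findings


# Constructed input mirroring the sample; PEM bodies are placeholders.
DEP = "computetargethttpsproxy-dep"
SECRET_REF = lambda key: {"valueFrom": {"secretKeyRef": {"name": DEP, "key": key}}}
SAMPLE = [
    {"kind": "ComputeURLMap", "metadata": {"name": DEP}, "spec": {"location": "global"}},
    {"kind": "ComputeSSLPolicy", "metadata": {"name": DEP}},
    {"kind": "ComputeSSLCertificate", "metadata": {"name": DEP},
     "spec": {"location": "global", "certificate": SECRET_REF("certificate"),
              "privateKey": SECRET_REF("privateKey")}},
    {"kind": "Secret", "metadata": {"name": DEP},
     "stringData": {"certificate": "<PEM placeholder>", "privateKey": "<PEM placeholder>"}},
]
GOOD_PROXY = {"kind": "ComputeTargetHTTPSProxy",
              "metadata": {"name": "computetargethttpsproxy-sample"},
              "spec": {"urlMapRef": {"name": DEP}, "sslCertificates": [{"name": DEP}],
                       "sslPolicyRef": {"name": DEP}, "quicOverride": "ENABLE",
                       "location": "global"}}
BAD_PROXY = {"kind": "ComputeTargetHTTPSProxy", "metadata": {"name": "constructed-bad"},
             "spec": {"urlMapRef": {"name": DEP, "external": "<selfLink placeholder>"},
                      "sslCertificates": [{"name": "missing-cert"}],
                      "quicOverride": "ENABLED", "location": "global"}}

if __name__ == "__main__":
    for severity, path, message in lint_https_proxy(BAD_PROXY, SAMPLE):
        print(f"{severity:5} {path}: {message}")
```

The missing sslPolicyRef is reported as a warning rather than an error because the field is optional in the schema.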

ComputeTargetInstance

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetInstances
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetInstances
Config Connector Resource Short Names gcpcomputetargetinstance, gcpcomputetargetinstances, computetargetinstance
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargetinstances.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computetargetinstance-dep
spec:
  machineType: n1-standard-1
  zone: us-central1-a
  bootDisk:
    initializeParams:
      sourceImageRef:
        external: debian-cloud/debian-9
  networkInterface:
  - networkRef:
      name: computetargetinstance-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computetargetinstance-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetInstance
metadata:
  name: computetargetinstance-sample
spec:
  description: Target instance, containing a VM instance which will have no NAT applied to it and can be used for protocol forwarding.
  zone: us-central1-a
  instanceRef:
    name: computetargetinstance-dep

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
instanceRef:
  external: string
  name: string
  namespace: string
natPolicy: string
zone: string
Fields
Name Description

description
Optional
string
An optional description of this resource.

instanceRef
Required
object
The ComputeInstance handling traffic for this target instance.

instanceRef.external
Optional
string
The selfLink of a ComputeInstance.

instanceRef.name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

instanceRef.namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

natPolicy
Optional
string
NAT option controlling how IPs are NAT'ed to the instance. Currently only NO_NAT (default value) is supported. Default value: "NO_NAT". Possible values: ["NO_NAT"].

zone
Required
string
URL of the zone where the target instance resides.

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
selfLink: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

creationTimestamp
string
Creation timestamp in RFC3339 text format.

selfLink
string

ComputeTargetPool

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetPools
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetPools
Config Connector Resource Short Name ComputeTargetPool
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargetpools.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHTTPHealthCheck
metadata:
  name: computetargetpool-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computetargetpool-dep1
spec:
  instanceTemplateRef:
    name: computetargetpool-dep
  zone: us-central1-a
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computetargetpool-dep2
spec:
  instanceTemplateRef:
    name: computetargetpool-dep
  zone: us-central1-b
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computetargetpool-dep3
spec:
  instanceTemplateRef:
    name: computetargetpool-dep
  zone: us-central1-b
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: computetargetpool-dep4
spec:
  instanceTemplateRef:
    name: computetargetpool-dep
  zone: us-central1-f
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceTemplate
metadata:
  name: computetargetpool-dep
spec:
  machineType: n1-standard-1
  disk:
    - sourceImageRef:
        external: debian-cloud/debian-9
      boot: true
  networkInterface:
    - networkRef:
        name: computetargetpool-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computetargetpool-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetPool
metadata:
  name: computetargetpool-dep
spec:
  region: us-central1
  instances:
    - name: computetargetpool-dep3
    - name: computetargetpool-dep4
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetPool
metadata:
  name: computetargetpool-sample
spec:
  backupTargetPoolRef:
    name: computetargetpool-dep
  description: A pool of compute instances to use as a backend to a load balancer, with health check and backup pool. A hash of requester's IP is used to determine session affinity to instances.
  instances:
  - name: computetargetpool-dep1
  - name: computetargetpool-dep2
  healthChecks:
    - httpHealthCheckRef:
        name: computetargetpool-dep
  failoverRatio: 0.5
  region: us-central1
  sessionAffinity: CLIENT_IP

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
backupTargetPoolRef:
  external: string
  name: string
  namespace: string
description: string
failoverRatio: float
healthChecks:
- httpHealthCheckRef:
    external: string
    name: string
    namespace: string
instances:
- external: string
  name: string
  namespace: string
region: string
sessionAffinity: string
Fields
Name Description

backupTargetPoolRef
Optional
object

backupTargetPoolRef.external
Optional
string
The selfLink of a ComputeTargetPool.

backupTargetPoolRef.name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backupTargetPoolRef.namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description
Optional
string

failoverRatio
Optional
float

healthChecks
Optional
list (object)

healthChecks.[]
Optional
object

healthChecks.[].httpHealthCheckRef
Optional
object

healthChecks.[].httpHealthCheckRef.external
Optional
string
The selfLink of a ComputeHTTPHealthCheck.

healthChecks.[].httpHealthCheckRef.name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

healthChecks.[].httpHealthCheckRef.namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

instances
Optional
list (object)

instances.[]
Optional
object

instances.[].external
Optional
string
The selfLink of a ComputeInstance.

instances.[].name
Optional
string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

instances.[].namespace
Optional
string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

region
Required
string

sessionAffinity
Optional
string

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
selfLink: string
Fields
conditions
list (object)

conditions.[]
object

conditions.[].lastTransitionTime
string
Last time the condition transitioned from one status to another.

conditions.[].message
string
Human-readable message indicating details about last transition.

conditions.[].reason
string
Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status
string
Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type
string
Type is the type of the condition.

selfLink
string

ComputeTargetSSLProxy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetSslProxies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetSslProxies
Config Connector Resource Short Names gcpcomputetargetsslproxy, gcpcomputetargetsslproxies, computetargetsslproxy
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargetsslproxies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computetargetsslproxy-dep
spec:
  healthChecks:
    - healthCheckRef:
        name: computetargetsslproxy-dep
  location: global
  protocol: SSL
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computetargetsslproxy-dep
spec:
  checkIntervalSec: 10
  httpHealthCheck:
    port: 80
  location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLCertificate
metadata:
  name: computetargetsslproxy-dep
spec:
  location: global
  certificate:
    valueFrom:
      secretKeyRef:
        name: computetargetsslproxy-dep
        key: certificate
  privateKey:
    valueFrom:
      secretKeyRef:
        name: computetargetsslproxy-dep
        key: privateKey
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLPolicy
metadata:
  name: computetargetsslproxy-dep
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetSSLProxy
metadata:
  name: computetargetsslproxy-sample
spec:
  description: "A sample SSL proxy configured with a default SSL policy."
  backendServiceRef:
    name: computetargetsslproxy-dep
  sslCertificates:
    - name: computetargetsslproxy-dep
  sslPolicyRef:
    name: computetargetsslproxy-dep
---
apiVersion: v1
kind: Secret
metadata:
  name: computetargetsslproxy-dep
stringData:
  certificate: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  privateKey: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
backendServiceRef:
  external: string
  name: string
  namespace: string
description: string
proxyHeader: string
sslCertificates:
- external: string
  name: string
  namespace: string
sslPolicyRef:
  external: string
  name: string
  namespace: string
Fields
Name Description

backendServiceRef

Required

object

A reference to the ComputeBackendService resource.

backendServiceRef.external

Optional

string

The selfLink of a ComputeBackendService.

backendServiceRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backendServiceRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

Optional

string

An optional description of this resource.

proxyHeader

Optional

string

Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"].

sslCertificates

Required

list (object)

A list of ComputeSSLCertificate resources that are used to authenticate connections between users and the load balancer. Currently, exactly one SSL certificate must be specified.

sslCertificates.[]

Required

object

A list of ComputeSSLCertificate resources that are used to authenticate connections between users and the load balancer. Currently, exactly one SSL certificate must be specified.

sslCertificates.[].external

Optional

string

The selfLink of a ComputeSSLCertificate.

sslCertificates.[].name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sslCertificates.[].namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sslPolicyRef

Optional

object

A reference to the ComputeSSLPolicy resource that will be associated with the TargetSslProxy resource. If not set, the ComputeTargetSSLProxy resource will not have any SSL policy configured.

sslPolicyRef.external

Optional

string

The selfLink of a ComputeSSLPolicy.

sslPolicyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

sslPolicyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
proxyId: integer
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

proxyId

integer

The unique identifier for the resource.

selfLink

string

ComputeTargetTCPProxy

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetTcpProxies
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetTcpProxies
Config Connector Resource Short Names gcpcomputetargettcpproxy, gcpcomputetargettcpproxies, computetargettcpproxy
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargettcpproxies.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: computetargettcpproxy-dep
spec:
  healthChecks:
    - healthCheckRef:
        name: computetargettcpproxy-dep
  location: global
  protocol: TCP
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
  name: computetargettcpproxy-dep
spec:
  checkIntervalSec: 10
  tcpHealthCheck:
    port: 443
  location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetTCPProxy
metadata:
  name: computetargettcpproxy-sample
spec:
  description: "A sample TCP proxy."
  backendServiceRef:
    name: computetargettcpproxy-dep

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
backendServiceRef:
  external: string
  name: string
  namespace: string
description: string
proxyHeader: string
Fields
Name Description

backendServiceRef

Required

object

A reference to the ComputeBackendService resource.

backendServiceRef.external

Optional

string

The selfLink of a ComputeBackendService.

backendServiceRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backendServiceRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

Optional

string

An optional description of this resource.

proxyHeader

Optional

string

Specifies the type of proxy header to append before sending data to the backend. Default value: "NONE". Possible values: ["NONE", "PROXY_V1"].

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
proxyId: integer
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

proxyId

integer

The unique identifier for the resource.

selfLink

string

ComputeTargetVPNGateway

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.targetVpnGateways
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/targetVpnGateways
Config Connector Resource Short Names gcpcomputetargetvpngateway, gcpcomputetargetvpngateways, computetargetvpngateway
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computetargetvpngateways.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: computetargetvpngateway-dep
spec:
  routingMode: REGIONAL
  autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetVPNGateway
metadata:
  name: computetargetvpngateway-sample
spec:
  description: a test target vpn gateway
  region: us-central1
  networkRef:
    name: computetargetvpngateway-dep

Custom Resource Definition Properties

Annotations

Name
cnrm.cloud.google.com/project-id

Spec

Schema
description: string
networkRef:
  external: string
  name: string
  namespace: string
region: string
Fields
Name Description

description

Optional

string

An optional description of this resource.

networkRef

Required

object

The network this VPN gateway is accepting traffic for.

networkRef.external

Optional

string

The selfLink of a ComputeNetwork.

networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

region

Required

string

The region this gateway should sit in.

Status

Schema
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTimestamp: string
gatewayId: integer
selfLink: string
Fields
conditions

list (object)

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

gatewayId

integer

The unique identifier for the resource.

selfLink

string

ComputeURLMap

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name v1.urlMaps
Google Cloud REST Resource Documentation /compute/docs/reference/rest/v1/urlMaps
Config Connector Resource Short Names gcpcomputeurlmap, gcpcomputeurlmaps, computeurlmap
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeurlmaps.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Sample YAML(s)

Typical Use Case

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendBucket
metadata:
  name: computeurlmap-dep
spec:
  bucketRef:
    name: ${PROJECT_ID?}-com