Migrate for Anthos YAML reference

You configure migrations with Migrate for Anthos by using Kubernetes YAML files. This topic describes the Migrate for Anthos annotations you use in those YAML files.

This reference focuses on the specific annotations added by Migrate for Anthos to Kubernetes Objects. Standard Kubernetes Objects that are not extended by Migrate for Anthos are not described here. For more on Kubernetes configuration, see Kubernetes Concepts for further descriptions.

You can use Cloud Code to manage your YAML configurations in your favorite IDEs.


The Migrate for Anthos storage exporter uses a ConfigMap to specify filename patterns to ignore during storage export.

Key Possible Values Value definition
data.config.appSpec.dataFilter List of file patterns Wildcard filename patterns to exclude from export. For more information on pattern formatting, see the rsync man page.

Example ConfigMap YAML

#Storage Exporter configuration:

apiVersion: v1
kind: ConfigMap
  name: exporter-sample-config
  config: |-
      - "- *.swp"
      - "- /etc/fstab"
      - "- /boot/"
      - "- /tmp/"

Job (for storage export)

These annotations must be placed in spec.template.metadata.annotations rather than in metadata.annotations.

Key Annotation Optional Possible Values Value definition
spec.template.metadata.annotations anthos-migrate.gcr.io/action No export If set to export and used within a Job, Migrate for Anthos will export the PersistentVolume's data to a Compute Engine Persistent Disk.
spec.template.metadata.annotations anthos-migrate.gcr.io/source-type No streaming-disk The type of storage to export to a new PersistentVolumeClaim
spec.template.metadata.annotations anthos-migrate.gcr.io/source-pvc No [STRING] The name of the PersistentVolumeClaim to export.
spec.template.metadata.annotations anthos-migrate.gcr.io/target-pvc Required for storage export [STRING] The name of the PersistentVolumeClaim where data is exported.
spec.template.metadata.annotations anthos-migrate.gcr.io/config Required for storage export exporter-sample-config Named storage exported configuration.

Example Job YAML

The following example defines storage exporter jobs.

# Storage Exporter Jobs

apiVersion: batch/v1
kind: Job
  name: exporter-sample-demo-app
        anthos-migrate.gcr.io/action: export
        anthos-migrate.gcr.io/source-type: streaming-disk
        anthos-migrate.gcr.io/source-pvc: csi-disk-demo-app
        anthos-migrate.gcr.io/target-pvc: gce-pd-claim-demo-app
        anthos-migrate.gcr.io/config: exporter-sample-config
        sidecar.istio.io/inject: "false"
      restartPolicy: OnFailure
      - name: exporter-sample
        image: anthos-migrate.gcr.io/v2k-export:v1.0.1 


A PersistentVolumeClaim defines storage volumes migrated and exported using Migrate for Anthos.

Key Annotation Possible Values Value definition
metadata.annotations anthos-migrate.gcr.io/vm-id [STRING] The ID for the source VM.

This will differ based on the source platform:

  • VMware -- Use one of the values described below. For more on finding a useful value to use here, see Migrating VMware VMs to GKE.
    • The VM name. To be valid, this name must be unique across your VMware instance. A non-unique VM name will generate an error during migration.
    • The VM ID from vSphere (also called a MoRef). Use this value if your VMs might not be uniquely named.
  • AWS -- Instance ID (see Migrating Amazon EC2 VMs for details)
  • Azure -- vmId (see Migrating Azure VMs for details)

The source VM platform is identified through the StorageClass object, whose cloud-details field specifies which cloud has the source VM.

metadata.annotations anthos-migrate.gcr.io/vm-data-access-mode Either
Streaming or

If set to Streaming, when starting the container Migrate for Anthos will stream data from the source VM.

If set to FullyCached, Migrate for Anthos will start the container using data cached in GKE. A fully cached workload does not rely on on-premises storage and helps to speed storage export.

When bandwidth during migration might be an issue, consider setting the storage migration rate limit at your Migrate for Compute Engine deployment.

metadata.annotations anthos-migrate.gcr.io/run-mode Either
Normal or

If set to Normal, Migrate for Anthos will shut the source VM down before migrating it.

If set to TestClone, Migrate for Anthos will take a snapshot of the VM's storage and leave the VM running. The container will be launched from the VM's snapshot.

spec.storageClassName [STRING] Name of the StorageClass defined when you installed Migrate for Anthos.

Example PersistentVolumeClaim YAML

apiVersion: v1
kind: PersistentVolumeClaim
  name: csi-disk-suitecrm-app
  namespace: default  # StatefulSet and PersistentVolumeClaim must be in the same namespace.
    anthos-migrate.gcr.io/vm-id: vm-1 # Replace with application's VM ID
    anthos-migrate.gcr.io/vm-data-access-mode: FullyCached
    anthos-migrate.gcr.io/run-mode: TestClone
  - ReadWriteOnce
  storageClassName: storage-class # Replace with your Storage Class name
      storage: 1Gi


Specifies sensitive values that Migrate for Anthos uses to communicate with other system components.

Sensitive values in the Secret definition must be base64-encoded when you create the Secret. If you're creating the Secret using kubectl create secret, you can enter literal values in the YAML, then have those values automatically base64-encoded by specifying --from-literal.

You can instead base64-encode sensitive values in advance, then include the encoded values in your Secret YAML. For example, the following example encodes the string mypassword to bXlwYXNzd29yZA==:

echo -n mypassword | base64
Key Optional Possible Values Value definition
management-ip No Base64-encoded IP address IP address of the Migrate for Compute Engine Manager.
api-username No YXBpdXNlcg== Base64-encoded value of apiuser.
api-password No Base64-encoded password for the Migrate for Compute Engine Manager. Password for authenticating with the Migrate for Compute Engine Manager.
cloud-extension-id No Base64-encoded Cloud Extension ID. Your Cloud Extension ID.

Example Secret YAML

kind: Secret
apiVersion: v1
  management-ip: [BASE_64_MANAGER_IP]
  api-username: YXBpdXNlcg==
  api-password: [BASE_64_MANAGER_PASSWORD]
  cloud-extension-id: [BASE_64_EXTENSION_ID]

StatefulSet (for migrations)

These annotations must be placed in spec.template.metadata.annotations rather than in metadata.annoatations.

Key Annotation Optional Possible Values Value definition
metadata.annotations anthos-migrate.gcr.io/log Yes [STRING]

Name of the ConfigMap that lists log files whose contents should be written to Stackdriver Logging.

spec.template.metadata.annotations anthos-migrate.gcr.io/action No run

If set to run and used within a StatefulSet, Migrate for Anthos will start the container normally.

spec.template.metadata.annotations anthos-migrate.gcr.io/source-type No Either
streaming-disk or

If set to streaming-disk, the StatefulSet uses the Migrate for Anthos CSI driver for storage.

If set to exported, the StatefulSet will mount the exported PersistentVolumeClaim.

spec.template.metadata.annotations anthos-migrate.gcr.io/source-pvc No [STRING] The name of the PersistentVolumeClaim to mount to the StatefulSet.

Example StatefulSet YAML

apiVersion: apps/v1
kind: StatefulSet
  name: suitecrm-app
  namespace: default # StatefulSet and PersistentVolumeClaim must be in the same namespace.
    anthos-migrate.gcr.io/log: my-app-log-config
  serviceName: suitecrm-app-svc
  replicas: 1
      app: suitecrm-app
        app: suitecrm-app
        anthos-migrate.gcr.io/action: run
        anthos-migrate.gcr.io/source-type: streaming-disk
        anthos-migrate.gcr.io/source-pvc: csi-disk-suitecrm-app # This needs to match the name of the PVC declared above.
      - name: suitecrm-app
        image: anthos-migrate.gcr.io/v2k-run:v1.0.1 # The image for the Migrate for Anthos system container.


Defines storage used during migration.

Key Optional Possible Values Value definition
cloud-details No [STRING] A string that is the name you gave the Cloud Details object when configuring it.
csi.storage.k8s.io/provisioner-secret-name No [STRING] The name of the Secret object you configured.
csi.storage.k8s.io/provisioner-secret-namespace No default
csi.storage.k8s.io/controller-publish-secret-name No [STRING] The name of the Secret object you configured.
csi.storage.k8s.io/controller-publish-secret-namespace No default

Example StorageClass YAML

kind: StorageClass
apiVersion: storage.k8s.io/v1
provisioner: io.gcr.anthos-migrate
  type: streaming
  csi.storage.k8s.io/provisioner-secret-name: [SECRET_OBJECT_NAME]
  csi.storage.k8s.io/provisioner-secret-namespace: default
  csi.storage.k8s.io/controller-publish-secret-name: [SECRET_OBJECT_NAME]
  csi.storage.k8s.io/controller-publish-secret-namespace: default
  cloud-details: [CLOUD_DETAILS_OBJECT_NAME]