1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: alpha
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com
13spec:
14 group: osconfig.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: OSConfigPatchDeployment
19 plural: osconfigpatchdeployments
20 shortNames:
21 - gcposconfigpatchdeployment
22 - gcposconfigpatchdeployments
23 singular: osconfigpatchdeployment
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1alpha1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 description:
62 description: Immutable. Description of the patch deployment. Length
63 of the description is limited to 1024 characters.
64 type: string
65 duration:
66 description: |-
67 Immutable. Duration of the patch. After the duration ends, the patch times out.
68 A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
69 type: string
70 instanceFilter:
71 description: Immutable. VM instances to patch.
72 properties:
73 all:
74 description: Immutable. Target all VM instances in the project.
75 If true, no other criteria are permitted.
76 type: boolean
77 groupLabels:
78 description: Immutable. Targets VM instances matching ANY of these
79 GroupLabels. This allows targeting of disparate groups of VM
80 instances.
81 items:
82 properties:
83 labels:
84 additionalProperties:
85 type: string
86 description: Immutable. Compute Engine instance labels that
87 must be present for a VM instance to be targeted by this
88 filter.
89 type: object
90 required:
91 - labels
92 type: object
93 type: array
94 instanceNamePrefixes:
95 description: |-
96 Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group
97 VMs when targeting configs, for example prefix="prod-".
98 items:
99 type: string
100 type: array
101 instances:
102 description: |-
103 Immutable. Targets any of the VM instances specified. Instances are specified by their URI in the form 'zones/{{zone}}/instances/{{instance_name}}',
104 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or
105 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'.
106 items:
107 type: string
108 type: array
109 zones:
110 description: Immutable. Targets VM instances in ANY of these zones.
111 Leave empty to target VM instances in any zone.
112 items:
113 type: string
114 type: array
115 type: object
116 oneTimeSchedule:
117 description: Immutable. Schedule a one-time execution.
118 properties:
119 executeTime:
120 description: |-
121 Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format,
122 accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
123 type: string
124 required:
125 - executeTime
126 type: object
127 patchConfig:
128 description: Immutable. Patch configuration that is applied.
129 properties:
130 apt:
131 description: Immutable. Apt update settings. Use this setting
132 to override the default apt patch rules.
133 properties:
134 excludes:
135 description: Immutable. List of packages to exclude from update.
136 These packages will be excluded.
137 items:
138 type: string
139 type: array
140 exclusivePackages:
141 description: |-
142 Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated.
143 If these packages are not installed, they will be ignored. This field cannot be specified with
144 any other patch configuration fields.
145 items:
146 type: string
147 type: array
148 type:
149 description: 'Immutable. By changing the type to DIST, the
150 patching is performed using apt-get dist-upgrade instead.
151 Possible values: ["DIST", "UPGRADE"].'
152 type: string
153 type: object
154 goo:
155 description: Immutable. goo update settings. Use this setting
156 to override the default goo patch rules.
157 properties:
158 enabled:
159 description: Immutable. goo update settings. Use this setting
160 to override the default goo patch rules.
161 type: boolean
162 required:
163 - enabled
164 type: object
165 migInstancesAllowed:
166 description: Immutable. Allows the patch job to run on Managed
167 instance groups (MIGs).
168 type: boolean
# Security note: postStep names an executable that is run on the VMs targeted
# by the patch job, after the patch update. The executable comes from either
# gcsObject (a Cloud Storage object) or localPath (a file already on the VM).
# NOTE(review): permission to create this custom resource is therefore
# permission to run code on the targeted VMs; confirm that RBAC on this kind
# and write access to any referenced bucket are limited accordingly.
169 postStep:
170 description: Immutable. The ExecStep to run after the patch update.
171 properties:
172 linuxExecStepConfig:
173 description: Immutable. The ExecStepConfig for all Linux VMs
174 targeted by the PatchJob.
175 properties:
176 allowedSuccessCodes:
177 description: Immutable. Defaults to [0]. A list of possible
178 return values that the execution can return to indicate
179 a success.
180 items:
181 type: integer
182 type: array
183 gcsObject:
184 description: Immutable. A Cloud Storage object containing
185 the executable.
186 properties:
187 bucket:
188 description: Immutable. Bucket of the Cloud Storage
189 object.
190 type: string
# generationNumber is listed under `required` below, so a gcsObject
# reference always names one specific generation of the object.
191 generationNumber:
192 description: Immutable. Generation number of the Cloud
193 Storage object. This is used to ensure that the
194 ExecStep specified by this PatchJob does not change.
195 type: string
196 object:
197 description: Immutable. Name of the Cloud Storage
198 object.
199 type: string
200 required:
201 - bucket
202 - generationNumber
203 - object
204 type: object
205 interpreter:
206 description: |-
207 Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
208 be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
209 type: string
# localPath is a bare string: unlike gcsObject, this schema carries no
# version pin for it, so whatever file is at that path on the VM is used.
210 localPath:
211 description: Immutable. An absolute path to the executable
212 on the VM.
213 type: string
214 type: object
215 windowsExecStepConfig:
216 description: Immutable. The ExecStepConfig for all Windows
217 VMs targeted by the PatchJob.
218 properties:
219 allowedSuccessCodes:
220 description: Immutable. Defaults to [0]. A list of possible
221 return values that the execution can return to indicate
222 a success.
223 items:
224 type: integer
225 type: array
226 gcsObject:
227 description: Immutable. A Cloud Storage object containing
228 the executable.
229 properties:
230 bucket:
231 description: Immutable. Bucket of the Cloud Storage
232 object.
233 type: string
234 generationNumber:
235 description: Immutable. Generation number of the Cloud
236 Storage object. This is used to ensure that the
237 ExecStep specified by this PatchJob does not change.
238 type: string
239 object:
240 description: Immutable. Name of the Cloud Storage
241 object.
242 type: string
243 required:
244 - bucket
245 - generationNumber
246 - object
247 type: object
248 interpreter:
249 description: |-
250 Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
251 be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
252 type: string
253 localPath:
254 description: Immutable. An absolute path to the executable
255 on the VM.
256 type: string
257 type: object
258 type: object
# Security note: preStep names an executable that is run on the VMs targeted
# by the patch job, before the patch update. The executable comes from either
# gcsObject (a Cloud Storage object) or localPath (a file already on the VM).
# NOTE(review): permission to create this custom resource is therefore
# permission to run code on the targeted VMs; confirm that RBAC on this kind
# and write access to any referenced bucket are limited accordingly.
259 preStep:
260 description: Immutable. The ExecStep to run before the patch update.
261 properties:
262 linuxExecStepConfig:
263 description: Immutable. The ExecStepConfig for all Linux VMs
264 targeted by the PatchJob.
265 properties:
266 allowedSuccessCodes:
267 description: Immutable. Defaults to [0]. A list of possible
268 return values that the execution can return to indicate
269 a success.
270 items:
271 type: integer
272 type: array
273 gcsObject:
274 description: Immutable. A Cloud Storage object containing
275 the executable.
276 properties:
277 bucket:
278 description: Immutable. Bucket of the Cloud Storage
279 object.
280 type: string
# generationNumber is listed under `required` below, so a gcsObject
# reference always names one specific generation of the object.
281 generationNumber:
282 description: Immutable. Generation number of the Cloud
283 Storage object. This is used to ensure that the
284 ExecStep specified by this PatchJob does not change.
285 type: string
286 object:
287 description: Immutable. Name of the Cloud Storage
288 object.
289 type: string
290 required:
291 - bucket
292 - generationNumber
293 - object
294 type: object
295 interpreter:
296 description: |-
297 Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
298 be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
299 type: string
# localPath is a bare string: unlike gcsObject, this schema carries no
# version pin for it, so whatever file is at that path on the VM is used.
300 localPath:
301 description: Immutable. An absolute path to the executable
302 on the VM.
303 type: string
304 type: object
305 windowsExecStepConfig:
306 description: Immutable. The ExecStepConfig for all Windows
307 VMs targeted by the PatchJob.
308 properties:
309 allowedSuccessCodes:
310 description: Immutable. Defaults to [0]. A list of possible
311 return values that the execution can return to indicate
312 a success.
313 items:
314 type: integer
315 type: array
316 gcsObject:
317 description: Immutable. A Cloud Storage object containing
318 the executable.
319 properties:
320 bucket:
321 description: Immutable. Bucket of the Cloud Storage
322 object.
323 type: string
324 generationNumber:
325 description: Immutable. Generation number of the Cloud
326 Storage object. This is used to ensure that the
327 ExecStep specified by this PatchJob does not change.
328 type: string
329 object:
330 description: Immutable. Name of the Cloud Storage
331 object.
332 type: string
333 required:
334 - bucket
335 - generationNumber
336 - object
337 type: object
338 interpreter:
339 description: |-
340 Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
341 be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
342 type: string
343 localPath:
344 description: Immutable. An absolute path to the executable
345 on the VM.
346 type: string
347 type: object
348 type: object
349 rebootConfig:
350 description: 'Immutable. Post-patch reboot settings. Possible
351 values: ["DEFAULT", "ALWAYS", "NEVER"].'
352 type: string
353 windowsUpdate:
354 description: Immutable. Windows update settings. Use this setting
355 to override the default Windows patch rules.
356 properties:
357 classifications:
358 description: 'Immutable. Only apply updates of these windows
359 update classifications. If empty, all updates are applied.
360 Possible values: ["CRITICAL", "SECURITY", "DEFINITION",
361 "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP",
362 "UPDATE"].'
363 items:
364 type: string
365 type: array
366 excludes:
367 description: Immutable. List of KBs to exclude from update.
368 items:
369 type: string
370 type: array
371 exclusivePatches:
372 description: |-
373 Immutable. An exclusive list of KBs to be updated. These are the only patches that will be updated.
374 This field must not be used with other patch configurations.
375 items:
376 type: string
377 type: array
378 type: object
379 yum:
380 description: Immutable. Yum update settings. Use this setting
381 to override the default yum patch rules.
382 properties:
383 excludes:
384 description: Immutable. List of packages to exclude from update.
385 These packages will be excluded.
386 items:
387 type: string
388 type: array
389 exclusivePackages:
390 description: |-
391 Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated.
392 If these packages are not installed, they will be ignored. This field cannot be specified with
393 any other patch configuration fields.
394 items:
395 type: string
396 type: array
397 minimal:
398 description: Immutable. Will cause patch to run yum update-minimal
399 instead.
400 type: boolean
401 security:
402 description: Immutable. Adds the --security flag to yum update.
403 Not supported on all platforms.
404 type: boolean
405 type: object
406 zypper:
407 description: Immutable. zypper update settings. Use this setting
408 to override the default zypper patch rules.
409 properties:
410 categories:
411 description: Immutable. Install only patches with these categories.
412 Common categories include security, recommended, and feature.
413 items:
414 type: string
415 type: array
416 excludes:
417 description: Immutable. List of packages to exclude from update.
418 items:
419 type: string
420 type: array
421 exclusivePatches:
422 description: |-
423 Immutable. An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.
424 This field must not be used with any other patch configuration fields.
425 items:
426 type: string
427 type: array
428 severities:
429 description: Immutable. Install only patches with these severities.
430 Common severities include critical, important, moderate,
431 and low.
432 items:
433 type: string
434 type: array
435 withOptional:
436 description: Immutable. Adds the --with-optional flag to zypper
437 patch.
438 type: boolean
439 withUpdate:
440 description: Immutable. Adds the --with-update flag to zypper
441 patch.
442 type: boolean
443 type: object
444 type: object
445 patchDeploymentId:
446 description: |-
447 Immutable. A name for the patch deployment in the project. When creating a name the following rules apply:
448 * Must contain only lowercase letters, numbers, and hyphens.
449 * Must start with a letter.
450 * Must be between 1-63 characters.
451 * Must end with a number or a letter.
452 * Must be unique within the project.
453 type: string
454 projectRef:
455 description: The project that this resource belongs to.
456 oneOf:
457 - not:
458 required:
459 - external
460 required:
461 - name
462 - not:
463 anyOf:
464 - required:
465 - name
466 - required:
467 - namespace
468 required:
469 - external
470 properties:
471 external:
472 description: 'Allowed value: The `name` field of a `Project` resource.'
473 type: string
474 name:
475 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
476 type: string
477 namespace:
478 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
479 type: string
480 type: object
481 recurringSchedule:
482 description: Immutable. Schedule recurring executions.
483 properties:
484 endTime:
485 description: |-
486 Immutable. The end time at which a recurring patch deployment schedule is no longer active.
487 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
488 type: string
489 lastExecuteTime:
490 description: |-
491 The time the last patch job ran successfully.
492 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
493 type: string
494 monthly:
495 description: Immutable. Schedule with monthly executions.
496 properties:
497 monthDay:
498 description: |-
499 Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.
500 Months without the target day will be skipped. For example, a schedule to run "every month on the 31st"
501 will not run in February, April, June, etc.
502 type: integer
503 weekDayOfMonth:
504 description: Immutable. Week day in a month.
505 properties:
506 dayOfWeek:
507 description: 'Immutable. A day of the week. Possible values:
508 ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY",
509 "SATURDAY", "SUNDAY"].'
510 type: string
511 weekOrdinal:
512 description: Immutable. Week number in a month. 1-4 indicates
513 the 1st to 4th week of the month. -1 indicates the last
514 week of the month.
515 type: integer
516 required:
517 - dayOfWeek
518 - weekOrdinal
519 type: object
520 type: object
521 nextExecuteTime:
522 description: |-
523 The time the next patch job is scheduled to run.
524 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
525 type: string
526 startTime:
527 description: |-
528 Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.
529 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
530 type: string
531 timeOfDay:
532 description: Immutable. Time of the day to run a recurring deployment.
533 properties:
534 hours:
535 description: |-
536 Immutable. Hours of day in 24 hour format. Should be from 0 to 23.
537 An API may choose to allow the value "24:00:00" for scenarios like business closing time.
538 type: integer
539 minutes:
540 description: Immutable. Minutes of hour of day. Must be from
541 0 to 59.
542 type: integer
543 nanos:
544 description: Immutable. Fractions of seconds in nanoseconds.
545 Must be from 0 to 999,999,999.
546 type: integer
547 seconds:
548 description: Immutable. Seconds of minutes of the time. Must
549 normally be from 0 to 59. An API may allow the value 60
550 if it allows leap-seconds.
551 type: integer
552 type: object
553 timeZone:
554 description: |-
555 Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are
556 determined by the chosen time zone.
557 properties:
558 id:
559 description: Immutable. IANA Time Zone Database time zone,
560 e.g. "America/New_York".
561 type: string
562 version:
563 description: Immutable. IANA Time Zone Database version number,
564 e.g. "2019a".
565 type: string
566 required:
567 - id
568 type: object
569 weekly:
570 description: Immutable. Schedule with weekly executions.
571 properties:
572 dayOfWeek:
573 description: 'Immutable. A day of the week. Possible values:
574 ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY",
575 "SATURDAY", "SUNDAY"].'
576 type: string
577 required:
578 - dayOfWeek
579 type: object
580 required:
581 - timeOfDay
582 - timeZone
583 type: object
584 resourceID:
585 description: Immutable. Optional. The service-generated name of the
586 resource. Used for acquisition only. Leave unset to create a new
587 resource.
588 type: string
589 rollout:
590 description: Immutable. Rollout strategy of the patch job.
591 properties:
592 disruptionBudget:
593 description: |-
594 Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.
595 During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.
596 A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.
597 For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.
598 For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.
599 properties:
600 fixed:
601 description: Immutable. Specifies a fixed value.
602 type: integer
603 percentage:
604 description: Immutable. Specifies the relative value defined
605 as a percentage, which will be multiplied by a reference
606 value.
607 type: integer
608 type: object
609 mode:
610 description: 'Immutable. Mode of the patch rollout. Possible values:
611 ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].'
612 type: string
613 required:
614 - disruptionBudget
615 - mode
616 type: object
617 required:
618 - instanceFilter
619 - patchDeploymentId
620 - projectRef
621 type: object
622 status:
623 properties:
624 conditions:
625 description: Conditions represent the latest available observation
626 of the resource's current state.
627 items:
628 properties:
629 lastTransitionTime:
630 description: Last time the condition transitioned from one status
631 to another.
632 type: string
633 message:
634 description: Human-readable message indicating details about
635 last transition.
636 type: string
637 reason:
638 description: Unique, one-word, CamelCase reason for the condition's
639 last transition.
640 type: string
641 status:
642 description: Status is the status of the condition. Can be True,
643 False, Unknown.
644 type: string
645 type:
646 description: Type is the type of the condition.
647 type: string
648 type: object
649 type: array
650 createTime:
651 description: |-
652 Time the patch deployment was created. Timestamp is in RFC3339 text format.
653 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
654 type: string
655 lastExecuteTime:
656 description: |-
657 The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.
658 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
659 type: string
660 name:
661 description: |-
662 Unique name for the patch deployment resource in a project.
663 The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.
664 type: string
665 observedGeneration:
666 description: ObservedGeneration is the generation of the resource
667 that was most recently observed by the Config Connector controller.
668 If this is equal to metadata.generation, then that means that the
669 current reported status reflects the most recent desired state of
670 the resource.
671 type: integer
672 updateTime:
673 description: |-
674 Time the patch deployment was last updated. Timestamp is in RFC3339 text format.
675 A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
676 type: string
677 type: object
678 required:
679 - spec
680 type: object
681 served: true
682 storage: true
683 subresources:
684 status: {}
685status:
686 acceptedNames:
687 kind: ""
688 plural: ""
689 conditions: []
690 storedVersions: []