1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: computedisks.compute.cnrm.cloud.google.com
27spec:
28 group: compute.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: ComputeDisk
33 plural: computedisks
34 shortNames:
35 - gcpcomputedisk
36 - gcpcomputedisks
37 singular: computedisk
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 asyncPrimaryDisk:
75 description: Immutable. A nested object resource.
76 properties:
77 diskRef:
78 description: Immutable. Primary disk for asynchronous disk replication.
79 oneOf:
80 - not:
81 required:
82 - external
83 required:
84 - name
85 - not:
86 anyOf:
87 - required:
88 - name
89 - required:
90 - namespace
91 required:
92 - external
93 properties:
94 external:
95 description: 'Allowed value: The `selfLink` field of a `ComputeDisk`
96 resource.'
97 type: string
98 name:
99 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
100 type: string
101 namespace:
102 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
103 type: string
104 type: object
105 required:
106 - diskRef
107 type: object
108 description:
109 description: |-
110 Immutable. An optional description of this resource. Provide this property when
111 you create the resource.
112 type: string
113 diskEncryptionKey:
114 description: |-
115 Immutable. Encrypts the disk using a customer-supplied encryption key.
116
117 After you encrypt a disk with a customer-supplied key, you must
118 provide the same key if you use the disk later (e.g. to create a disk
119 snapshot or an image, or to attach the disk to a virtual machine).
120
121 Customer-supplied encryption keys do not protect access to metadata of
122 the disk.
123
124 If you do not provide an encryption key when creating the disk, then
125 the disk will be encrypted using an automatically generated key and
126 you do not need to provide a key to use the disk later.
127 properties:
# kmsKeyRef: reference to the KMSCryptoKey that encrypts the disk.
# The oneOf below admits exactly one addressing form: `name` (optionally with
# `namespace`) without `external`, or `external` without `name`/`namespace`.
# NOTE(review): the description names a role the Compute Engine System service
# account must hold; granting it on the individual key rather than on the
# whole project keeps the grant narrow. Confirm the scope your deployment uses.
128 kmsKeyRef:
129 description: |-
130 The encryption key used to encrypt the disk. Your project's Compute
131 Engine System service account
132 ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')
133 must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this
134 feature. See
135 https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
136 oneOf:
137 - not:
138 required:
139 - external
140 required:
141 - name
142 - not:
143 anyOf:
144 - required:
145 - name
146 - required:
147 - namespace
148 required:
149 - external
150 properties:
151 external:
152 description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey`
153 resource.'
154 type: string
155 name:
156 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
157 type: string
158 namespace:
159 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
160 type: string
161 type: object
162 kmsKeyServiceAccountRef:
163 description: |-
164 The service account used for the encryption request for the given KMS key.
165 If absent, the Compute Engine Service Agent service account is used.
166 oneOf:
167 - not:
168 required:
169 - external
170 required:
171 - name
172 - not:
173 anyOf:
174 - required:
175 - name
176 - required:
177 - namespace
178 required:
179 - external
180 properties:
181 external:
182 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
183 resource.'
184 type: string
185 name:
186 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
187 type: string
188 namespace:
189 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
190 type: string
191 type: object
# rawKey: schema for the customer-supplied encryption key under
# diskEncryptionKey. The oneOf below admits exactly one of `value` (key written
# inline in the spec) or `valueFrom` (key read from a Secret).
192 rawKey:
193 description: |-
194 Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in
195 RFC 4648 base64 to either encrypt or decrypt this resource.
196 oneOf:
197 - not:
198 required:
199 - valueFrom
200 required:
201 - value
202 - not:
203 required:
204 - value
205 required:
206 - valueFrom
207 properties:
# An inline `value` becomes part of the ComputeDisk object itself, so the key
# is readable wherever the object or its manifest is readable.
# NOTE(review): prefer `valueFrom` for real keys, and confirm who holds read
# access to ComputeDisk objects in the namespace.
208 value:
209 description: Value of the field. Cannot be used if 'valueFrom'
210 is specified.
211 type: string
# `valueFrom.secretKeyRef` takes the key from a Secret in the resource's own
# namespace; both `key` and `name` are required.
212 valueFrom:
213 description: Source for the field's value. Cannot be used
214 if 'value' is specified.
215 properties:
216 secretKeyRef:
217 description: Reference to a value with the given key in
218 the given Secret in the resource's namespace.
219 properties:
220 key:
221 description: Key that identifies the value to be extracted.
222 type: string
223 name:
224 description: Name of the Secret to extract a value
225 from.
226 type: string
227 required:
228 - key
229 - name
230 type: object
231 type: object
232 type: object
233 rsaEncryptedKey:
234 description: |-
235 Immutable. Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
236 customer-supplied encryption key to either encrypt or decrypt
237 this resource. You can provide either the rawKey or the rsaEncryptedKey.
238 oneOf:
239 - not:
240 required:
241 - valueFrom
242 required:
243 - value
244 - not:
245 required:
246 - value
247 required:
248 - valueFrom
249 properties:
250 value:
251 description: Value of the field. Cannot be used if 'valueFrom'
252 is specified.
253 type: string
254 valueFrom:
255 description: Source for the field's value. Cannot be used
256 if 'value' is specified.
257 properties:
258 secretKeyRef:
259 description: Reference to a value with the given key in
260 the given Secret in the resource's namespace.
261 properties:
262 key:
263 description: Key that identifies the value to be extracted.
264 type: string
265 name:
266 description: Name of the Secret to extract a value
267 from.
268 type: string
269 required:
270 - name
271 - key
272 type: object
273 type: object
274 type: object
275 sha256:
276 description: |-
277 The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
278 encryption key that protects this resource.
279 type: string
280 type: object
281 guestOsFeatures:
282 description: |-
283 Immutable. A list of features to enable on the guest operating system.
284 Applicable only for bootable disks.
285 items:
286 properties:
287 type:
288 description: 'Immutable. The type of supported feature. Read
289 [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features)
290 to see a list of available options. Possible values: ["MULTI_IP_SUBNET",
291 "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE",
292 "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE",
293 "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].'
294 type: string
295 required:
296 - type
297 type: object
298 type: array
299 imageRef:
300 description: The image from which to initialize this disk.
301 oneOf:
302 - not:
303 required:
304 - external
305 required:
306 - name
307 - not:
308 anyOf:
309 - required:
310 - name
311 - required:
312 - namespace
313 required:
314 - external
315 properties:
316 external:
317 description: 'Allowed value: The `selfLink` field of a `ComputeImage`
318 resource.'
319 type: string
320 name:
321 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
322 type: string
323 namespace:
324 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
325 type: string
326 type: object
327 interface:
328 description: DEPRECATED. This field is no longer in use, disk interfaces
329 will be automatically determined on attachment. To resolve this
330 issue, remove this field from your config. Immutable. Specifies
331 the disk interface to use for attaching this disk, which is either
332 SCSI or NVME. The default is SCSI.
333 type: string
334 licenses:
335 description: Immutable. Any applicable license URI.
336 items:
337 type: string
338 type: array
339 location:
340 description: 'Location represents the geographical location of the
341 ComputeDisk. Specify a region name or a zone name. Reference: GCP
342 definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)'
343 type: string
344 multiWriter:
345 description: Immutable. Indicates whether or not the disk can be read/write
346 attached to more than one instance.
347 type: boolean
348 physicalBlockSizeBytes:
349 description: |-
350 Immutable. Physical block size of the persistent disk, in bytes. If not present
351 in a request, a default value is used. Currently supported sizes
352 are 4096 and 16384, other sizes may be added in the future.
353 If an unsupported value is requested, the error message will list
354 the supported values for the caller's project.
355 type: integer
356 projectRef:
357 description: The project that this resource belongs to.
358 oneOf:
359 - not:
360 required:
361 - external
362 required:
363 - name
364 - not:
365 anyOf:
366 - required:
367 - name
368 - required:
369 - namespace
370 required:
371 - external
372 properties:
373 external:
374 description: 'Allowed value: The `name` field of a `Project` resource.'
375 type: string
376 name:
377 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
378 type: string
379 namespace:
380 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
381 type: string
382 type: object
383 provisionedIops:
384 description: Immutable. Indicates how many IOPS must be provisioned
385 for the disk.
386 type: integer
387 replicaZones:
388 description: Immutable. URLs of the zones where the disk should be
389 replicated to.
390 items:
391 type: string
392 type: array
393 resourceID:
394 description: Immutable. Optional. The name of the resource. Used for
395 creation and acquisition. When unset, the value of `metadata.name`
396 is used as the default.
397 type: string
398 resourcePolicies:
399 items:
400 description: Resource policies applied to this disk for automatic
401 snapshot creations.
402 oneOf:
403 - not:
404 required:
405 - external
406 required:
407 - name
408 - not:
409 anyOf:
410 - required:
411 - name
412 - required:
413 - namespace
414 required:
415 - external
416 properties:
417 external:
418 description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy`
419 resource.'
420 type: string
421 name:
422 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
423 type: string
424 namespace:
425 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
426 type: string
427 type: object
428 type: array
429 size:
430 description: |-
431 Size of the persistent disk, specified in GB. You can specify this
432 field when creating a persistent disk using the 'image' or
433 'snapshot' parameter, or specify it alone to create an empty
434 persistent disk.
435
436 If you specify this field along with 'image' or 'snapshot',
437 the value must not be less than the size of the image
438 or the size of the snapshot.
439
440 Upsizing the disk is mutable, but downsizing the disk
441 requires re-creating the resource.
442 type: integer
443 snapshotRef:
444 description: The source snapshot used to create this disk.
445 oneOf:
446 - not:
447 required:
448 - external
449 required:
450 - name
451 - not:
452 anyOf:
453 - required:
454 - name
455 - required:
456 - namespace
457 required:
458 - external
459 properties:
460 external:
461 description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot`
462 resource.'
463 type: string
464 name:
465 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
466 type: string
467 namespace:
468 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
469 type: string
470 type: object
471 sourceDiskRef:
472 description: The source disk used to create this disk.
473 oneOf:
474 - not:
475 required:
476 - external
477 required:
478 - name
479 - not:
480 anyOf:
481 - required:
482 - name
483 - required:
484 - namespace
485 required:
486 - external
487 properties:
488 external:
489 description: 'Allowed value: The `selfLink` field of a `ComputeDisk`
490 resource.'
491 type: string
492 name:
493 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
494 type: string
495 namespace:
496 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
497 type: string
498 type: object
499 sourceImageEncryptionKey:
500 description: |-
501 Immutable. The customer-supplied encryption key of the source image. Required if
502 the source image is protected by a customer-supplied encryption key.
503 properties:
504 kmsKeyRef:
505 description: |-
506 The encryption key used to encrypt the disk. Your project's Compute
507 Engine System service account
508 ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')
509 must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this
510 feature. See
511 https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
512 oneOf:
513 - not:
514 required:
515 - external
516 required:
517 - name
518 - not:
519 anyOf:
520 - required:
521 - name
522 - required:
523 - namespace
524 required:
525 - external
526 properties:
527 external:
528 description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey`
529 resource.'
530 type: string
531 name:
532 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
533 type: string
534 namespace:
535 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
536 type: string
537 type: object
538 kmsKeyServiceAccountRef:
539 description: |-
540 The service account used for the encryption request for the given KMS key.
541 If absent, the Compute Engine Service Agent service account is used.
542 oneOf:
543 - not:
544 required:
545 - external
546 required:
547 - name
548 - not:
549 anyOf:
550 - required:
551 - name
552 - required:
553 - namespace
554 required:
555 - external
556 properties:
557 external:
558 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
559 resource.'
560 type: string
561 name:
562 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
563 type: string
564 namespace:
565 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
566 type: string
567 type: object
# rawKey under sourceImageEncryptionKey is a bare string. Unlike
# spec.diskEncryptionKey.rawKey, this schema offers no `valueFrom`/secretKeyRef
# form, so the source image's key can only be written inline in the spec.
# NOTE(review): treat manifests and objects that set this field as holding key
# material, and confirm read access to them is limited accordingly.
568 rawKey:
569 description: |-
570 Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in
571 RFC 4648 base64 to either encrypt or decrypt this resource.
572 type: string
573 sha256:
574 description: |-
575 The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
576 encryption key that protects this resource.
577 type: string
578 type: object
579 sourceSnapshotEncryptionKey:
580 description: |-
581 Immutable. The customer-supplied encryption key of the source snapshot. Required
582 if the source snapshot is protected by a customer-supplied encryption
583 key.
584 properties:
585 kmsKeyRef:
586 description: |-
587 The encryption key used to encrypt the disk. Your project's Compute
588 Engine System service account
589 ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')
590 must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this
591 feature. See
592 https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
593 oneOf:
594 - not:
595 required:
596 - external
597 required:
598 - name
599 - not:
600 anyOf:
601 - required:
602 - name
603 - required:
604 - namespace
605 required:
606 - external
607 properties:
608 external:
609 description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey`
610 resource.'
611 type: string
612 name:
613 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
614 type: string
615 namespace:
616 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
617 type: string
618 type: object
619 kmsKeyServiceAccountRef:
620 description: |-
621 The service account used for the encryption request for the given KMS key.
622 If absent, the Compute Engine Service Agent service account is used.
623 oneOf:
624 - not:
625 required:
626 - external
627 required:
628 - name
629 - not:
630 anyOf:
631 - required:
632 - name
633 - required:
634 - namespace
635 required:
636 - external
637 properties:
638 external:
639 description: 'Allowed value: The `email` field of an `IAMServiceAccount`
640 resource.'
641 type: string
642 name:
643 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
644 type: string
645 namespace:
646 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
647 type: string
648 type: object
# rawKey under sourceSnapshotEncryptionKey is a bare string. Unlike
# spec.diskEncryptionKey.rawKey, this schema offers no `valueFrom`/secretKeyRef
# form, so the source snapshot's key can only be written inline in the spec.
# NOTE(review): treat manifests and objects that set this field as holding key
# material, and confirm read access to them is limited accordingly.
649 rawKey:
650 description: |-
651 Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in
652 RFC 4648 base64 to either encrypt or decrypt this resource.
653 type: string
654 sha256:
655 description: |-
656 The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
657 encryption key that protects this resource.
658 type: string
659 type: object
660 type:
661 description: |-
662 Immutable. URL of the disk type resource describing which disk type to use to
663 create the disk. Provide this when creating the disk.
664 type: string
665 required:
666 - location
667 type: object
668 status:
669 properties:
670 conditions:
671 description: Conditions represent the latest available observation
672 of the resource's current state.
673 items:
674 properties:
675 lastTransitionTime:
676 description: Last time the condition transitioned from one status
677 to another.
678 type: string
679 message:
680 description: Human-readable message indicating details about
681 last transition.
682 type: string
683 reason:
684 description: Unique, one-word, CamelCase reason for the condition's
685 last transition.
686 type: string
687 status:
688 description: Status is the status of the condition. Can be True,
689 False, Unknown.
690 type: string
691 type:
692 description: Type is the type of the condition.
693 type: string
694 type: object
695 type: array
696 creationTimestamp:
697 description: Creation timestamp in RFC3339 text format.
698 type: string
699 labelFingerprint:
700 description: |-
701 The fingerprint used for optimistic locking of this resource. Used
702 internally during updates.
703 type: string
704 lastAttachTimestamp:
705 description: Last attach timestamp in RFC3339 text format.
706 type: string
707 lastDetachTimestamp:
708 description: Last detach timestamp in RFC3339 text format.
709 type: string
710 observedGeneration:
711 description: ObservedGeneration is the generation of the resource
712 that was most recently observed by the Config Connector controller.
713 If this is equal to metadata.generation, then that means that the
714 current reported status reflects the most recent desired state of
715 the resource.
716 type: integer
717 selfLink:
718 type: string
719 sourceDiskId:
720 description: |-
721 The ID value of the disk used to create this image. This value may
722 be used to determine whether the image was taken from the current
723 or a previous instance of a given disk name.
724 type: string
725 sourceImageId:
726 description: |-
727 The ID value of the image used to create this disk. This value
728 identifies the exact image that was used to create this persistent
729 disk. For example, if you created the persistent disk from an image
730 that was later deleted and recreated under the same name, the source
731 image ID would identify the exact version of the image that was used.
732 type: string
733 sourceSnapshotId:
734 description: |-
735 The unique ID of the snapshot used to create this disk. This value
736 identifies the exact snapshot that was used to create this persistent
737 disk. For example, if you created the persistent disk from a snapshot
738 that was later deleted and recreated under the same name, the source
739 snapshot ID would identify the exact version of the snapshot that was
740 used.
741 type: string
742 users:
743 description: |-
744 Links to the users of the disk (attached instances) in form:
745 project/zones/zone/instances/instance.
746 items:
747 type: string
748 type: array
749 type: object
750 required:
751 - spec
752 type: object
753 served: true
754 storage: true
755 subresources:
756 status: {}
757status:
758 acceptedNames:
759 kind: ""
760 plural: ""
761 conditions: []
762 storedVersions: []