# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

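# CustomResourceDefinition for the namespaced Config Connector kind
# OSConfigPatchDeployment (group osconfig.cnrm.cloud.google.com, v1alpha1).
# The listing's fused line-number gutter has been stripped and the nesting
# restored so that the document parses as YAML again.
# NOTE(review): the tf2crd label suggests this file is generated; mirror any
# description fix upstream rather than relying on a hand edit - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: alpha
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com
spec:
  group: osconfig.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: OSConfigPatchDeployment
    plural: osconfigpatchdeployments
    shortNames:
    - gcposconfigpatchdeployment
    - gcposconfigpatchdeployments
    singular: osconfigpatchdeployment
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1alpha1
    schema:
      # Validation note: throughout this schema, enumerations ("Possible
      # values: [...]") and numeric ranges ("Must be from 0 to 59") appear only
      # in description text. No `enum`, `minimum` or `maximum` keyword is
      # declared, so this schema alone does not reject out-of-range input;
      # rejection presumably happens downstream (controller or the GCP API) -
      # confirm before relying on admission-time validation.
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              description:
                description: Immutable. Description of the patch deployment. Length
                  of the description is limited to 1024 characters.
                type: string
              duration:
                description: |-
                  Immutable. Duration of the patch. After the duration ends, the patch times out.
                  A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
                type: string
              # instanceFilter decides which VMs a deployment touches, i.e. its
              # blast radius. It is required (see the `required` list of spec).
              instanceFilter:
                description: Immutable. VM instances to patch.
                properties:
                  # `all: true` targets every VM in the project. The "no other
                  # criteria is permitted" rule is stated in the description
                  # only; nothing in this schema enforces it.
                  all:
                    description: Immutable. Target all VM instances in the project.
                      If true, no other criteria is permitted.
                    type: boolean
                  groupLabels:
                    description: Immutable. Targets VM instances matching ANY of these
                      GroupLabels. This allows targeting of disparate groups of VM
                      instances.
                    items:
                      properties:
                        labels:
                          additionalProperties:
                            type: string
                          description: Immutable. Compute Engine instance labels that
                            must be present for a VM instance to be targeted by this
                            filter.
                          type: object
                      required:
                      - labels
                      type: object
                    type: array
                  instanceNamePrefixes:
                    description: |-
                      Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group
                      VMs when targeting configs, for example prefix="prod-".
                    items:
                      type: string
                    type: array
                  # Description fix: the opening quote sat before the word
                  # "form" instead of before the first URI pattern.
                  instances:
                    description: |-
                      Immutable. Targets any of the VM instances specified. Instances are specified by their URI in the form 'zones/{{zone}}/instances/{{instance_name}}',
                      'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or
                      'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'.
                    items:
                      type: string
                    type: array
                  zones:
                    description: Immutable. Targets VM instances in ANY of these zones.
                      Leave empty to target VM instances in any zone.
                    items:
                      type: string
                    type: array
                type: object
              oneTimeSchedule:
                description: Immutable. Schedule a one-time execution.
                properties:
                  executeTime:
                    description: |-
                      Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format,
                      accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                    type: string
                required:
                - executeTime
                type: object
              patchConfig:
                description: Immutable. Patch configuration that is applied.
                properties:
                  apt:
                    description: Immutable. Apt update settings. Use this setting
                      to override the default apt patch rules.
                    properties:
                      excludes:
                        description: Immutable. List of packages to exclude from update.
                          These packages will be excluded.
                        items:
                          type: string
                        type: array
                      exclusivePackages:
                        description: |-
                          Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated.
                          If these packages are not installed, they will be ignored. This field cannot be specified with
                          any other patch configuration fields.
                        items:
                          type: string
                        type: array
                      type:
                        description: 'Immutable. By changing the type to DIST, the
                          patching is performed using apt-get dist-upgrade instead.
                          Possible values: ["DIST", "UPGRADE"].'
                        type: string
                    type: object
                  goo:
                    description: Immutable. goo update settings. Use this setting
                      to override the default goo patch rules.
                    properties:
                      # NOTE(review): this description repeats the parent's text
                      # and does not say what the boolean switches - confirm
                      # against the upstream API reference.
                      enabled:
                        description: Immutable. goo update settings. Use this setting
                          to override the default goo patch rules.
                        type: boolean
                    required:
                    - enabled
                    type: object
                  migInstancesAllowed:
                    description: Immutable. Allows the patch job to run on Managed
                      instance groups (MIGs).
                    type: boolean
                  # Security-sensitive: postStep names an executable that is run
                  # on each targeted VM after patching. Permission to create
                  # this resource, and write access to any referenced bucket,
                  # should be treated as the ability to run code on those VMs
                  # and scoped accordingly (Kubernetes RBAC on this kind, IAM on
                  # the bucket).
                  postStep:
                    description: Immutable. The ExecStep to run after the patch update.
                    properties:
                      linuxExecStepConfig:
                        description: Immutable. The ExecStepConfig for all Linux VMs
                          targeted by the PatchJob.
                        properties:
                          allowedSuccessCodes:
                            description: Immutable. Defaults to [0]. A list of possible
                              return values that the execution can return to indicate
                              a success.
                            items:
                              type: integer
                            type: array
                          # generationNumber is required below, so a gcsObject
                          # reference always pins one object generation.
                          gcsObject:
                            description: Immutable. A Cloud Storage object containing
                              the executable.
                            properties:
                              bucket:
                                description: Immutable. Bucket of the Cloud Storage
                                  object.
                                type: string
                              generationNumber:
                                description: Immutable. Generation number of the Cloud
                                  Storage object. This is used to ensure that the
                                  ExecStep specified by this PatchJob does not change.
                                type: string
                              object:
                                description: Immutable. Name of the Cloud Storage
                                  object.
                                type: string
                            required:
                            - bucket
                            - generationNumber
                            - object
                            type: object
                          interpreter:
                            description: |-
                              Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
                              be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
                            type: string
                          # Unlike gcsObject, localPath carries no content pin in
                          # this schema: what runs is whatever is at that path
                          # on the VM at execution time.
                          localPath:
                            description: Immutable. An absolute path to the executable
                              on the VM.
                            type: string
                        type: object
                      windowsExecStepConfig:
                        description: Immutable. The ExecStepConfig for all Windows
                          VMs targeted by the PatchJob.
                        properties:
                          allowedSuccessCodes:
                            description: Immutable. Defaults to [0]. A list of possible
                              return values that the execution can return to indicate
                              a success.
                            items:
                              type: integer
                            type: array
                          gcsObject:
                            description: Immutable. A Cloud Storage object containing
                              the executable.
                            properties:
                              bucket:
                                description: Immutable. Bucket of the Cloud Storage
                                  object.
                                type: string
                              generationNumber:
                                description: Immutable. Generation number of the Cloud
                                  Storage object. This is used to ensure that the
                                  ExecStep specified by this PatchJob does not change.
                                type: string
                              object:
                                description: Immutable. Name of the Cloud Storage
                                  object.
                                type: string
                            required:
                            - bucket
                            - generationNumber
                            - object
                            type: object
                          interpreter:
                            description: |-
                              Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
                              be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
                            type: string
                          localPath:
                            description: Immutable. An absolute path to the executable
                              on the VM.
                            type: string
                        type: object
                    type: object
                  # Security-sensitive: preStep names an executable that is run
                  # on each targeted VM before patching; review access to this
                  # kind and to any referenced bucket as code-execution access.
                  preStep:
                    description: Immutable. The ExecStep to run before the patch update.
                    properties:
                      linuxExecStepConfig:
                        description: Immutable. The ExecStepConfig for all Linux VMs
                          targeted by the PatchJob.
                        properties:
                          allowedSuccessCodes:
                            description: Immutable. Defaults to [0]. A list of possible
                              return values that the execution can return to indicate
                              a success.
                            items:
                              type: integer
                            type: array
                          gcsObject:
                            description: Immutable. A Cloud Storage object containing
                              the executable.
                            properties:
                              bucket:
                                description: Immutable. Bucket of the Cloud Storage
                                  object.
                                type: string
                              generationNumber:
                                description: Immutable. Generation number of the Cloud
                                  Storage object. This is used to ensure that the
                                  ExecStep specified by this PatchJob does not change.
                                type: string
                              object:
                                description: Immutable. Name of the Cloud Storage
                                  object.
                                type: string
                            required:
                            - bucket
                            - generationNumber
                            - object
                            type: object
                          interpreter:
                            description: |-
                              Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
                              be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
                            type: string
                          localPath:
                            description: Immutable. An absolute path to the executable
                              on the VM.
                            type: string
                        type: object
                      windowsExecStepConfig:
                        description: Immutable. The ExecStepConfig for all Windows
                          VMs targeted by the PatchJob.
                        properties:
                          allowedSuccessCodes:
                            description: Immutable. Defaults to [0]. A list of possible
                              return values that the execution can return to indicate
                              a success.
                            items:
                              type: integer
                            type: array
                          gcsObject:
                            description: Immutable. A Cloud Storage object containing
                              the executable.
                            properties:
                              bucket:
                                description: Immutable. Bucket of the Cloud Storage
                                  object.
                                type: string
                              generationNumber:
                                description: Immutable. Generation number of the Cloud
                                  Storage object. This is used to ensure that the
                                  ExecStep specified by this PatchJob does not change.
                                type: string
                              object:
                                description: Immutable. Name of the Cloud Storage
                                  object.
                                type: string
                            required:
                            - bucket
                            - generationNumber
                            - object
                            type: object
                          interpreter:
                            description: |-
                              Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will
                              be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"].
                            type: string
                          localPath:
                            description: Immutable. An absolute path to the executable
                              on the VM.
                            type: string
                        type: object
                    type: object
                  rebootConfig:
                    description: 'Immutable. Post-patch reboot settings. Possible
                      values: ["DEFAULT", "ALWAYS", "NEVER"].'
                    type: string
                  windowsUpdate:
                    description: Immutable. Windows update settings. Use this setting
                      to override the default Windows patch rules.
                    properties:
                      classifications:
                        description: 'Immutable. Only apply updates of these windows
                          update classifications. If empty, all updates are applied.
                          Possible values: ["CRITICAL", "SECURITY", "DEFINITION",
                          "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP",
                          "UPDATE"].'
                        items:
                          type: string
                        type: array
                      excludes:
                        description: Immutable. List of KBs to exclude from update.
                        items:
                          type: string
                        type: array
                      exclusivePatches:
                        description: |-
                          Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated.
                          This field must not be used with other patch configurations.
                        items:
                          type: string
                        type: array
                    type: object
                  yum:
                    description: Immutable. Yum update settings. Use this setting
                      to override the default yum patch rules.
                    properties:
                      excludes:
                        description: Immutable. List of packages to exclude from update.
                          These packages will be excluded.
                        items:
                          type: string
                        type: array
                      exclusivePackages:
                        description: |-
                          Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated.
                          If these packages are not installed, they will be ignored. This field cannot be specified with
                          any other patch configuration fields.
                        items:
                          type: string
                        type: array
                      minimal:
                        description: Immutable. Will cause patch to run yum update-minimal
                          instead.
                        type: boolean
                      security:
                        description: Immutable. Adds the --security flag to yum update.
                          Not supported on all platforms.
                        type: boolean
                    type: object
                  zypper:
                    description: Immutable. zypper update settings. Use this setting
                      to override the default zypper patch rules.
                    properties:
                      categories:
                        description: Immutable. Install only patches with these categories.
                          Common categories include security, recommended, and feature.
                        items:
                          type: string
                        type: array
                      excludes:
                        description: Immutable. List of packages to exclude from update.
                        items:
                          type: string
                        type: array
                      exclusivePatches:
                        description: |-
                          Immutable. An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.
                          This field must not be used with any other patch configuration fields.
                        items:
                          type: string
                        type: array
                      severities:
                        description: Immutable. Install only patches with these severities.
                          Common severities include critical, important, moderate,
                          and low.
                        items:
                          type: string
                        type: array
                      withOptional:
                        description: Immutable. Adds the --with-optional flag to zypper
                          patch.
                        type: boolean
                      withUpdate:
                        description: Immutable. Adds the --with-update flag, to zypper
                          patch.
                        type: boolean
                    type: object
                type: object
              patchDeploymentId:
                description: |-
                  Immutable. A name for the patch deployment in the project. When creating a name the following rules apply:
                  * Must contain only lowercase letters, numbers, and hyphens.
                  * Must start with a letter.
                  * Must be between 1-63 characters.
                  * Must end with a number or a letter.
                  * Must be unique within the project.
                type: string
              # projectRef accepts exactly one of two shapes: `name` (without
              # `external`), or `external` (without `name` and `namespace`).
              projectRef:
                description: The project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The `name` field of a `Project` resource.'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              recurringSchedule:
                description: Immutable. Schedule recurring executions.
                properties:
                  endTime:
                    description: |-
                      Immutable. The end time at which a recurring patch deployment schedule is no longer active.
                      A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                    type: string
                  lastExecuteTime:
                    description: |-
                      The time the last patch job ran successfully.
                      A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                    type: string
                  monthly:
                    description: Immutable. Schedule with monthly executions.
                    properties:
                      monthDay:
                        description: |-
                          Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.
                          Months without the target day will be skipped. For example, a schedule to run "every month on the 31st"
                          will not run in February, April, June, etc.
                        type: integer
                      weekDayOfMonth:
                        description: Immutable. Week day in a month.
                        properties:
                          dayOfWeek:
                            description: 'Immutable. A day of the week. Possible values:
                              ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY",
                              "SATURDAY", "SUNDAY"].'
                            type: string
                          weekOrdinal:
                            description: Immutable. Week number in a month. 1-4 indicates
                              the 1st to 4th week of the month. -1 indicates the last
                              week of the month.
                            type: integer
                        required:
                        - dayOfWeek
                        - weekOrdinal
                        type: object
                    type: object
                  nextExecuteTime:
                    description: |-
                      The time the next patch job is scheduled to run.
                      A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                    type: string
                  startTime:
                    description: |-
                      Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.
                      A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                    type: string
                  timeOfDay:
                    description: Immutable. Time of the day to run a recurring deployment.
                    properties:
                      hours:
                        description: |-
                          Immutable. Hours of day in 24 hour format. Should be from 0 to 23.
                          An API may choose to allow the value "24:00:00" for scenarios like business closing time.
                        type: integer
                      minutes:
                        description: Immutable. Minutes of hour of day. Must be from
                          0 to 59.
                        type: integer
                      nanos:
                        description: Immutable. Fractions of seconds in nanoseconds.
                          Must be from 0 to 999,999,999.
                        type: integer
                      seconds:
                        description: Immutable. Seconds of minutes of the time. Must
                          normally be from 0 to 59. An API may allow the value 60
                          if it allows leap-seconds.
                        type: integer
                    type: object
                  timeZone:
                    description: |-
                      Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are
                      determined by the chosen time zone.
                    properties:
                      id:
                        description: Immutable. IANA Time Zone Database time zone,
                          e.g. "America/New_York".
                        type: string
                      version:
                        description: Immutable. IANA Time Zone Database version number,
                          e.g. "2019a".
                        type: string
                    required:
                    - id
                    type: object
                  weekly:
                    description: Immutable. Schedule with weekly executions.
                    properties:
                      # Description fix: the text previously repeated the
                      # timeZone.id sentence (IANA time zone) for a field that
                      # takes a weekday; it now matches the wording used for
                      # monthly.weekDayOfMonth.dayOfWeek.
                      dayOfWeek:
                        description: 'Immutable. A day of the week. Possible values:
                          ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY",
                          "SATURDAY", "SUNDAY"].'
                        type: string
                    required:
                    - dayOfWeek
                    type: object
                required:
                - timeOfDay
                - timeZone
                type: object
              resourceID:
                description: Immutable. Optional. The service-generated name of the
                  resource. Used for acquisition only. Leave unset to create a new
                  resource.
                type: string
              # rollout bounds how many VMs may be disrupted at once; both
              # disruptionBudget and mode are required when rollout is set.
              rollout:
                description: Immutable. Rollout strategy of the patch job.
                properties:
                  disruptionBudget:
                    description: |-
                      Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.
                      During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.
                      A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.
                      For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.
                      For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.
                    properties:
                      fixed:
                        description: Immutable. Specifies a fixed value.
                        type: integer
                      percentage:
                        description: Immutable. Specifies the relative value defined
                          as a percentage, which will be multiplied by a reference
                          value.
                        type: integer
                    type: object
                  mode:
                    description: 'Immutable. Mode of the patch rollout. Possible values:
                      ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].'
                    type: string
                required:
                - disruptionBudget
                - mode
                type: object
            required:
            - instanceFilter
            - patchDeploymentId
            - projectRef
            type: object
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: |-
                  Time the patch deployment was created. Timestamp is in RFC3339 text format.
                  A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                type: string
              lastExecuteTime:
                description: |-
                  The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.
                  A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                type: string
              name:
                description: |-
                  Unique name for the patch deployment resource in a project.
                  The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              updateTime:
                description: |-
                  Time the patch deployment was last updated. Timestamp is in RFC3339 text format.
                  A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []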