InstanceTemplate is the Schema for the InstanceTemplates API. Manages a VM instance template resource within GCE.
Type: CRD
Group: compute.gcp.upbound.io
Version: v1beta1
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
InstanceTemplateSpec defines the desired state of InstanceTemplate
No description provided.
Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below
Enable Confidential Mode on this VM. Structure is documented below
Disks to attach to instances created from this template. This can be specified multiple times for multiple disks. Structure is documented below.
Encrypts or decrypts a disk using a customer-supplied encryption key.
The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.
Reference to a Disk in compute to populate source.
Policies for referencing.
Selector for a Disk in compute to populate source.
Policies for selection.
The customer-supplied encryption key of the source snapshot. Structure documented below.
Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. Structure is documented below.
Access configurations, i.e. IPs via which this instance can be accessed via the Internet. This block can be repeated multiple times. Structure documented below.
An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. Structure documented below.
An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access. Structure documented below.
Reference to a Network to populate network.
Policies for referencing.
Selector for a Network to populate network.
Policies for selection.
Reference to a Subnetwork to populate subnetwork.
Policies for referencing.
Selector for a Subnetwork to populate subnetwork.
Policies for selection.
Specifies the reservations that this instance can consume from. Structure is documented below.
The scheduling strategy to use. More details about this configuration option are detailed below.
Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems. Read more on sole-tenant node creation here. Structure documented below.
Service account to attach to the instance. Structure is documented below.
Reference to a ServiceAccount in cloudplatform to populate email.
Policies for referencing.
Selector for a ServiceAccount in cloudplatform to populate email.
Policies for selection.
A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope. See a complete list of scopes here.
Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to protect against malware and rootkits. Defaults to disabled. Structure is documented below. Note: shielded_instance_config can only be used with boot images with Shielded VM support. See the complete list here.
Tags to attach to the instance.
THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation but that should not be updated afterwards, for example because an external controller, such as an autoscaler, is managing them.
Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below
Enable Confidential Mode on this VM. Structure is documented below
Disks to attach to instances created from this template. This can be specified multiple times for multiple disks. Structure is documented below.
Encrypts or decrypts a disk using a customer-supplied encryption key.
The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.
The customer-supplied encryption key of the source snapshot. Structure documented below.
Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. Structure is documented below.
Access configurations, i.e. IPs via which this instance can be accessed via the Internet. This block can be repeated multiple times. Structure documented below.
An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. Structure documented below.
An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access. Structure documented below.
Specifies the reservations that this instance can consume from. Structure is documented below.
The scheduling strategy to use. More details about this configuration option are detailed below.
Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems. Read more on sole-tenant node creation here. Structure documented below.
Service account to attach to the instance. Structure is documented below.
A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope. See a complete list of scopes here.
Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to protect against malware and rootkits. Defaults to disabled. Structure is documented below. Note: shielded_instance_config can only be used with boot images with Shielded VM support. See the complete list here.
Tags to attach to the instance.
THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
InstanceTemplateStatus defines the observed state of InstanceTemplate.
No description provided.
Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below
Enable Confidential Mode on this VM. Structure is documented below
Disks to attach to instances created from this template. This can be specified multiple times for multiple disks. Structure is documented below.
Encrypts or decrypts a disk using a customer-supplied encryption key.
The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.
The customer-supplied encryption key of the source snapshot. Structure documented below.
Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. Structure is documented below.
Access configurations, i.e. IPs via which this instance can be accessed via the Internet. This block can be repeated multiple times. Structure documented below.
An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks. Structure documented below.
An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access. Structure documented below.
Specifies the reservations that this instance can consume from. Structure is documented below.
The scheduling strategy to use. More details about this configuration option are detailed below.
Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems. Read more on sole-tenant node creation here. Structure documented below.
Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to protect against malware and rootkits. Defaults to disabled. Structure is documented below. Note: shielded_instance_config can only be used with boot images with Shielded VM support. See the complete list here.
Tags to attach to the instance.
Conditions of the resource.
forwarding-rule
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/forwardingrule
  labels:
    testing.upbound.io/example-name: forwarding-rule
  name: forwarding-rule
spec:
  forProvider:
    disk:
      - autoDelete: true
        boot: true
        sourceImage: debian-cloud/debian-11
    machineType: e2-small
    metadata:
      # Literal block scalar (|) keeps the script's line breaks intact.
      startup-script: |
        #! /bin/bash
        set -euo pipefail
        export DEBIAN_FRONTEND=noninteractive
        apt-get update
        apt-get install -y nginx-light jq
        NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
        IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
        METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
        cat <<EOF > /var/www/html/index.html
        <pre>
        Name: $NAME
        IP: $IP
        Metadata: $METADATA
        </pre>
        EOF
    networkInterface:
      - accessConfig:
          - {}
        networkSelector:
          matchLabels:
            testing.upbound.io/example-name: forwarding-rule
        subnetworkSelector:
          matchLabels:
            testing.upbound.io/example-name: forwarding-rule-ilb
    region: us-central1
    tags:
      - http-server
instance-from-template
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/instancefromtemplate
  labels:
    testing.upbound.io/example-name: instance-from-template
  name: instance-from-template
spec:
  forProvider:
    canIpForward: false
    description: This template is used to create app server instances.
    disk:
      - autoDelete: false
        boot: true
        sourceImage: debian-cloud/debian-11
    instanceDescription: description assigned to instances
    labels:
      environment: dev
    machineType: e2-medium
    metadata:
      environment: dev
    networkInterface:
      - network: default
    scheduling:
      - automaticRestart: true
        onHostMaintenance: MIGRATE
    tags:
      - foo
      - bar
region-autoscaler
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/regionautoscaler
  labels:
    testing.upbound.io/example-name: region-autoscaler
  name: region-autoscaler
spec:
  forProvider:
    disk:
      - diskSizeGb: 250
        sourceImage: debian-cloud/debian-11
    machineType: e2-standard-4
    name: region-autoscaler
    networkInterface:
      - accessConfig:
          - networkTier: PREMIUM
        network: default
    serviceAccount:
      - scopes:
          - https://www.googleapis.com/auth/devstorage.read_only
          - https://www.googleapis.com/auth/logging.write
          - https://www.googleapis.com/auth/monitoring.write
          - https://www.googleapis.com/auth/pubsub
          - https://www.googleapis.com/auth/service.management.readonly
          - https://www.googleapis.com/auth/servicecontrol
          - https://www.googleapis.com/auth/trace.append
instance-template
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/instancetemplate
  labels:
    testing.upbound.io/example-name: instance-template
  name: instance-template
spec:
  forProvider:
    canIpForward: false
    description: This template is used to create app server instances.
    disk:
      - autoDelete: false
        boot: true
        sourceImage: debian-cloud/debian-11
    instanceDescription: Description assigned to instances
    labels:
      environment: dev
    machineType: e2-medium
    metadata:
      environment: dev
    networkInterface:
      - network: default
    scheduling:
      - automaticRestart: true
        onHostMaintenance: MIGRATE
    tags:
      - foo
      - bar
region-instance-group-manager
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/regioninstancegroupmanager
  labels:
    testing.upbound.io/example-name: region-instance-group-manager
  name: region-instance-group-manager
spec:
  forProvider:
    canIpForward: false
    description: This template is used to create app server instances.
    disk:
      - autoDelete: false
        boot: true
        sourceImage: debian-cloud/debian-11
    instanceDescription: description assigned to instances
    labels:
      environment: dev
    machineType: e2-medium
    metadata:
      environment: dev
    networkInterface:
      - network: default
    scheduling:
      - automaticRestart: true
        onHostMaintenance: MIGRATE
    tags:
      - foo
      - bar
instance-group-manager
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/instancegroupmanager
  labels:
    testing.upbound.io/example-name: instance-group-manager
  name: instance-group-manager
spec:
  forProvider:
    canIpForward: false
    disk:
      - autoDelete: true
        boot: true
        sourceImage: debian-cloud/debian-11
    machineType: e2-medium
    name: instance-group-manager
    networkInterface:
      - network: default
    tags:
      - foo
      - bar
autoscaler
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/autoscaler
  labels:
    testing.upbound.io/example-name: autoscaler
  name: autoscaler
spec:
  forProvider:
    canIpForward: false
    description: This template is used to create app server instances.
    disk:
      - autoDelete: false
        boot: true
        sourceImage: debian-cloud/debian-11
    instanceDescription: Description assigned to instances
    machineType: e2-medium
    networkInterface:
      - network: default
per-instance-config
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/perinstanceconfig
  labels:
    testing.upbound.io/example-name: per-instance-config
  name: per-instance-config
spec:
  forProvider:
    canIpForward: false
    disk:
      - autoDelete: true
        boot: true
        sourceImage: debian-cloud/debian-11
    machineType: e2-medium
    name: per-instance-config
    networkInterface:
      - network: default
    tags:
      - foo
      - bar
global-forwarding-rule
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/globalforwardingrule
  labels:
    testing.upbound.io/example-name: global-forwarding-rule
  name: global-forwarding-rule
spec:
  forProvider:
    disk:
      - autoDelete: true
        boot: true
        sourceImage: debian-cloud/debian-11
    machineType: e2-small
    metadata:
      # Literal block scalar (|) keeps the script's line breaks intact.
      startup-script: |
        #! /bin/bash
        set -euo pipefail
        export DEBIAN_FRONTEND=noninteractive
        sudo apt-get update
        sudo apt-get install -y apache2 jq
        sudo a2ensite global-forwarding-rule-ssl
        sudo a2enmod ssl
        sudo service apache2 restart
        NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
        IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
        METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
        cat <<EOF > /var/www/html/index.html
        <h1>SSL Load Balancer</h1>
        <pre>
        Name: $NAME
        IP: $IP
        Metadata: $METADATA
        </pre>
        EOF
    name: global-forwarding-rule
    networkInterface:
      - accessConfig:
          - {}
        networkSelector:
          matchLabels:
            testing.upbound.io/example-name: global-forwarding-rule
        subnetworkSelector:
          matchLabels:
            testing.upbound.io/example-name: global-forwarding-rule
    region: us-central1
    tags:
      - allow-health-check
region-per-instance-config
apiVersion: compute.gcp.upbound.io/v1beta1
kind: InstanceTemplate
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/regionperinstanceconfig
  labels:
    testing.upbound.io/example-name: region-per-instance-config
  name: region-per-instance-config
spec:
  forProvider:
    canIpForward: false
    disk:
      - autoDelete: true
        boot: true
        sourceImage: debian-cloud/debian-11
    machineType: e2-medium
    name: region-per-instance-config
    networkInterface:
      - network: default
    serviceAccount:
      - scopes:
          - userinfo-email
          - compute-ro
          - storage-ro
    tags:
      - foo
      - bar
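
The field descriptions above for access configurations, service scopes and Shielded VM translate into a review check on manifests like these. The following is an added example, not part of the provider's documentation or code: it audits InstanceTemplate manifests already parsed into Python dicts. The finding codes, the sample manifests, and the CRD key name shieldedInstanceConfig (the page only gives the Terraform name shielded_instance_config) are assumptions.

```python
# Added example: audit parsed InstanceTemplate manifests for the settings the
# field descriptions call out. Finding codes are hypothetical names.
FULL_ACCESS_SCOPES = {
    "cloud-platform",                                   # gcloud short name
    "https://www.googleapis.com/auth/cloud-platform",   # OAuth2 URL form
}

def audit_instance_template(manifest):
    """Return a list of finding codes for one InstanceTemplate manifest."""
    spec = manifest.get("spec", {}).get("forProvider", {})
    findings = []
    for i, nic in enumerate(spec.get("networkInterface") or []):
        # Any accessConfig entry, including the empty {} used in the
        # forwarding-rule example, asks for an external IPv4 address.
        if nic.get("accessConfig"):
            findings.append(f"external-ipv4:networkInterface[{i}]")
        # Without ipv6AccessConfig there is no external IPv6 access.
        if nic.get("ipv6AccessConfig"):
            findings.append(f"external-ipv6:networkInterface[{i}]")
    for i, sa in enumerate(spec.get("serviceAccount") or []):
        # cloud-platform allows full access to all Cloud APIs.
        if FULL_ACCESS_SCOPES.intersection(sa.get("scopes") or []):
            findings.append(f"full-access-scope:serviceAccount[{i}]")
    # Key name assumed; the page states Shielded VM defaults to disabled.
    if not spec.get("shieldedInstanceConfig"):
        findings.append("no-shielded-config")
    if spec.get("canIpForward"):
        findings.append("ip-forwarding-enabled")
    return findings

# Constructed sample, modelled on the region-autoscaler example above.
PUBLIC_NARROW_SCOPES = {"spec": {"forProvider": {
    "networkInterface": [{"accessConfig": [{"networkTier": "PREMIUM"}],
                          "network": "default"}],
    "serviceAccount": [{"scopes": [
        "https://www.googleapis.com/auth/devstorage.read_only",
        "https://www.googleapis.com/auth/logging.write"]}],
}}}

# Constructed sample: internal-only interface but a full-access scope.
INTERNAL_BROAD_SCOPE = {"spec": {"forProvider": {
    "canIpForward": False,
    "networkInterface": [{"network": "default"}],
    "serviceAccount": [{"scopes": ["cloud-platform"]}],
}}}

if __name__ == "__main__":
    for label, m in [("public", PUBLIC_NARROW_SCOPES),
                     ("internal", INTERNAL_BROAD_SCOPE)]:
        print(label, audit_instance_template(m))
```

To run it against real manifests, load each YAML document into a dict first and pass it to audit_instance_template.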