# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cnrm.cloud.google.com/version: 1.128.0
creationTimestamp: null
labels:
cnrm.cloud.google.com/managed-by-kcc: "true"
cnrm.cloud.google.com/system: "true"
name: workstationconfigs.workstations.cnrm.cloud.google.com
spec:
group: workstations.cnrm.cloud.google.com
names:
categories:
- gcp
kind: WorkstationConfig
listKind: WorkstationConfigList
plural: workstationconfigs
shortNames:
- gcpworkstationconfig
- gcpworkstationconfigs
singular: workstationconfig
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: When 'True', the most recent reconcile of the resource succeeded
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: The reason for the value in 'Ready'
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Status
type: string
- description: The last transition time for the value in 'Status'
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
name: Status Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: WorkstationConfig is the Schema for the WorkstationConfig API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: WorkstationConfigSpec defines the desired state of WorkstationConfig
properties:
annotations:
description: Optional. Client-specified annotations.
items:
properties:
key:
description: Key for the annotation.
type: string
value:
description: Value for the annotation.
type: string
type: object
type: array
container:
description: Optional. Container that runs upon startup for each workstation
using this workstation configuration.
properties:
args:
description: Optional. Arguments passed to the entrypoint.
items:
type: string
type: array
command:
description: Optional. If set, overrides the default ENTRYPOINT
specified by the image.
items:
type: string
type: array
env:
  # NOTE(review): `value` is a plain string held in the resource spec. This schema
  # offers no secret-reference form (nothing like valueFrom/secretKeyRef), so
  # anything put here is readable by anyone who can get the WorkstationConfig
  # object and is passed to every workstation container built from this config.
  # Keep credentials out of these values.
  description: Optional. Environment variables passed to the container's
    entrypoint.
  items:
    properties:
      name:
        description: Name is the name of the environment variable.
        type: string
      value:
        description: Value is the value of the environment variable.
        type: string
    type: object
  type: array
image:
description: |-
Optional. A Docker container image that defines a custom environment.
Cloud Workstations provides a number of
[preconfigured
images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
but you can create your own
[custom container
images](https://cloud.google.com/workstations/docs/custom-container-images).
If using a private image, the `host.gceInstance.serviceAccountRef` field
must be specified in the workstation configuration and must have
permission to pull the specified image. Otherwise, the image must be
publicly accessible.
type: string
runAsUser:
  # NOTE(review): any int32 is accepted here (no minimum is declared). A value of 0
  # would run the entrypoint as root inside the workstation container; leave this
  # unset to keep the image's USER, or choose an unprivileged uid.
  description: Optional. If set, overrides the USER specified in
    the image with the given uid.
  format: int32
  type: integer
workingDir:
description: Optional. If set, overrides the default DIR specified
by the image.
type: string
type: object
displayName:
description: Optional. Human-readable name for this workstation configuration.
type: string
encryptionKey:
description: |-
Immutable. Encrypts resources of this workstation configuration using a
customer-managed encryption key (CMEK).
If specified, the boot disk of the Compute Engine instance and the
persistent disk are encrypted using this encryption key. If
this field is not set, the disks are encrypted using a generated
key. Customer-managed encryption keys do not protect disk metadata.
If the customer-managed encryption key is rotated, when the workstation
instance is stopped, the system attempts to recreate the
persistent disk with the new version of the key. Be sure to keep
older versions of the key until the persistent disk is recreated.
Otherwise, data on the persistent disk might be lost.
If the encryption key is revoked, the workstation session automatically
stops within 7 hours.
Immutable after the workstation configuration is created.
properties:
kmsCryptoKeyRef:
description: Immutable. A reference to the Google Cloud KMS encryption
key. For example, `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
The key must be in the same region as the workstation configuration.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: A reference to an externally managed KMSCryptoKey.
Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`.
type: string
name:
description: The `name` of a `KMSCryptoKey` resource.
type: string
namespace:
description: The `namespace` of a `KMSCryptoKey` resource.
type: string
type: object
serviceAccountRef:
description: Immutable. A reference to a service account to use
with the specified KMS key. We recommend that you use a separate
service account and follow KMS best practices. For more information,
see [Separation of duties](https://cloud.google.com/kms/docs/separation-of-duties)
and `gcloud kms keys add-iam-policy-binding` [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: The `email` field of an `IAMServiceAccount` resource.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
type: object
host:
description: Optional. Runtime host for the workstation.
properties:
gceInstance:
description: Specifies a Compute Engine instance as the host.
properties:
bootDiskSizeGB:
description: Optional. The size of the boot disk for the VM
in gigabytes (GB). The minimum boot disk size is `30` GB.
Defaults to `50` GB.
format: int32
type: integer
confidentialInstanceConfig:
description: Optional. A set of Compute Engine Confidential
VM instance options.
properties:
enableConfidentialCompute:
description: Optional. Whether the instance has confidential
compute enabled.
type: boolean
type: object
disablePublicIPAddresses:
  # NOTE(review): defaults to false, so workstation VMs get a public IP address
  # unless this is explicitly set to true. When enabling it, Private Google Access
  # or Cloud NAT must already be in place so the VM can still reach Google APIs
  # (registry, logging) — see the description for the DNS records needed.
  description: Optional. When set to true, disables public IP
    addresses for VMs. If you disable public IP addresses, you
    must set up Private Google Access or Cloud NAT on your network.
    If you use Private Google Access and you use `private.googleapis.com`
    or `restricted.googleapis.com` for Container Registry and
    Artifact Registry, make sure that you set up DNS records
    for domains `*.gcr.io` and `*.pkg.dev`. Defaults to false
    (VMs have public IP addresses).
  type: boolean
enableNestedVirtualization:
description: |-
Optional. Whether to enable nested virtualization on Cloud Workstations
VMs created under this workstation configuration.
Nested virtualization lets you run virtual machine (VM) instances
inside your workstation. Before enabling nested virtualization,
consider the following important considerations. Cloud Workstations
instances are subject to the [same restrictions as Compute Engine
instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
* **Organization policy**: projects, folders, or
organizations may be restricted from creating nested VMs if the
**Disable VM nested virtualization** constraint is enforced in
the organization policy. For more information, see the
Compute Engine section,
[Checking whether nested virtualization is
allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
* **Performance**: nested VMs might experience a 10% or greater
decrease in performance for workloads that are CPU-bound and
possibly greater than a 10% decrease for workloads that are
input/output bound.
* **Machine Type**: nested virtualization can only be enabled on
workstation configurations that specify a
[machine_type][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.machine_type]
in the N1 or N2 machine series.
* **GPUs**: nested virtualization may not be enabled on workstation
configurations with accelerators.
* **Operating System**: Because
[Container-Optimized
OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
does not support nested virtualization, when nested virtualization is
enabled, the underlying Compute Engine VM instances boot from an
[Ubuntu
LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
image.
type: boolean
machineType:
description: Optional. The type of machine to use for VM instances—for
example, `"e2-standard-4"`. For more information about machine
types that Cloud Workstations supports, see the list of
[available machine types](https://cloud.google.com/workstations/docs/available-machine-types).
type: string
poolSize:
description: Optional. The number of VMs that the system should
keep idle so that new workstations can be started quickly
for new users. Defaults to `0` in the API.
format: int32
type: integer
serviceAccountRef:
description: |-
Optional. A reference to the service account for Cloud
Workstations VMs created with this configuration. When specified, be
sure that the service account has `logging.logEntries.create` permission
on the project so it can write logs out to Cloud Logging. If using a
custom container image, the service account must have permissions to
pull the specified image.
If you as the administrator want to be able to `ssh` into the
underlying VM, you need to set this value to a service account
for which you have the `iam.serviceAccounts.actAs` permission.
Conversely, if you don't want anyone to be able to `ssh` into the
underlying VM, use a service account where no one has that
permission.
If not set, VMs run with a service account provided by the
Cloud Workstations service, and the image must be publicly
accessible.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: The `email` field of an `IAMServiceAccount`
resource.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
serviceAccountScopes:
  # NOTE(review): these OAuth scopes widen what the VM service account's token can
  # be used for, and that token is presumably reachable from inside every
  # workstation built from this config. Grant only the scopes the workload needs
  # and keep the account's IAM roles equally narrow. As the description notes,
  # setting scopes also requires workstation users to hold actAs on the account.
  description: Optional. Scopes to grant to the [service_account][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.service_account].
    Various scopes are automatically added based on feature
    usage. When specified, users of workstations under this
    configuration must have `iam.serviceAccounts.actAs` on the
    service account.
  items:
    type: string
  type: array
shieldedInstanceConfig:
  # NOTE(review): none of the three options declares a default in this schema, so
  # an omitted field falls back to whatever the service applies when it is unset.
  # Set all three explicitly (true) so the VM's boot-integrity posture is pinned in
  # the manifest rather than implied.
  description: Optional. A set of Compute Engine Shielded instance
    options.
  properties:
    enableIntegrityMonitoring:
      description: Optional. Whether the instance has integrity
        monitoring enabled.
      type: boolean
    enableSecureBoot:
      description: Optional. Whether the instance has Secure
        Boot enabled.
      type: boolean
    enableVTPM:
      description: Optional. Whether the instance has the vTPM
        enabled.
      type: boolean
  type: object
tags:
description: Optional. Network tags to add to the Compute
Engine VMs backing the workstations. This option applies
[network tags](https://cloud.google.com/vpc/docs/add-remove-network-tags)
to VMs created with this configuration. These network tags
enable the creation of [firewall rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
items:
type: string
type: array
type: object
type: object
idleTimeout:
  # NOTE(review): `"0s"` disables idle shutdown altogether (see description). A
  # config that sets it should keep a non-zero runningTimeout so sessions still
  # end; the runningTimeout description explains why never-ending VMs are a
  # problem.
  description: |-
    Optional. Number of seconds to wait before automatically stopping a
    workstation after it last received user traffic.
    A value of `"0s"` indicates that Cloud Workstations VMs created with this
    configuration should never time out due to idleness.
    Provide
    [duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration)
    terminated by `s` for seconds—for example, `"7200s"` (2 hours).
    The default is `"1200s"` (20 minutes).
  type: string
labels:
description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources)
that are applied to the workstation configuration and that are also
propagated to the underlying Compute Engine resources.
items:
properties:
key:
description: Key for the label.
type: string
value:
description: Value for the label.
type: string
type: object
type: array
parentRef:
description: Parent is a reference to the parent WorkstationCluster
for this WorkstationConfig.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: A reference to an externally managed WorkstationCluster
resource. Should be in the format "projects/{{projectID}}/locations/{{location}}/workstationClusters/{{workstationclusterID}}".
type: string
name:
description: The name of a WorkstationCluster resource.
type: string
namespace:
description: The namespace of a WorkstationCluster resource.
type: string
type: object
persistentDirectories:
description: Optional. Directories to persist across workstation sessions.
items:
properties:
gcePD:
description: A PersistentDirectory backed by a Compute Engine
persistent disk.
properties:
diskType:
description: Optional. The [type of the persistent disk](https://cloud.google.com/compute/docs/disks#disk-types)
for the home directory. Defaults to `"pd-standard"`.
type: string
fsType:
description: Optional. Type of file system that the disk
should be formatted with. The workstation image must support
this file system type. Must be empty if [source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot]
is set. Defaults to `"ext4"`.
type: string
reclaimPolicy:
  # NOTE(review): the schema declares no `enum`, so a misspelled value is not
  # rejected at admission and presumably surfaces only as a reconcile error. The
  # default, DELETE, removes the persistent home disk together with the
  # workstation; use RETAIN where user data must outlive the workstation.
  description: Optional. Whether the persistent disk should
    be deleted when the workstation is deleted. Valid values
    are `DELETE` and `RETAIN`. Defaults to `DELETE`.
  type: string
sizeGB:
description: |-
Optional. The GB capacity of a persistent home directory for each
workstation created with this configuration. Must be empty if
[source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot]
is set.
Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
Defaults to `200`. If less than `200` GB, the
[disk_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.disk_type]
must be
`"pd-balanced"` or `"pd-ssd"`.
format: int32
type: integer
sourceSnapshot:
description: Optional. Name of the snapshot to use as the
source for the disk. If set, [size_gb][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.size_gb]
and [fs_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.fs_type]
must be empty.
type: string
type: object
mountPath:
description: Optional. Location of this directory in the running
workstation.
type: string
type: object
type: array
readinessChecks:
description: Optional. Readiness checks to perform when starting a
workstation using this workstation configuration. Mark a workstation
as running only after all specified readiness checks return 200
status codes.
items:
properties:
path:
description: Optional. Path to which the request should be sent.
type: string
port:
description: Optional. Port to which the request should be sent.
format: int32
type: integer
type: object
type: array
replicaZones:
description: |-
Optional. Immutable. Specifies the zones used to replicate the VM and disk
resources within the region. If set, exactly two zones within the
workstation cluster's region must be specified—for example,
`['us-central1-a', 'us-central1-f']`. If this field is empty, two default
zones within the region are used.
Immutable after the workstation configuration is created.
items:
type: string
type: array
resourceID:
description: The WorkstationConfig name. If not given, the metadata.name
will be used.
type: string
runningTimeout:
  # NOTE(review): the constraint stated below (when encryptionKey is set this must
  # be greater than "0s" and less than "86400s") is not expressed in this schema,
  # so it is presumably enforced only by the GCP API at reconcile time rather than
  # at admission.
  description: |-
    Optional. Number of seconds that a workstation can run until it is
    automatically shut down. We recommend that workstations be shut down daily
    to reduce costs and so that security updates can be applied upon restart.
    The
    [idle_timeout][google.cloud.workstations.v1.WorkstationConfig.idle_timeout]
    and
    [running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout]
    fields are independent of each other. Note that the
    [running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout]
    field shuts down VMs after the specified time, regardless of whether or not
    the VMs are idle.
    Provide duration terminated by `s` for seconds—for example, `"54000s"`
    (15 hours). Defaults to `"43200s"` (12 hours). A value of `"0s"` indicates
    that workstations using this configuration should never time out. If
    [encryption_key][google.cloud.workstations.v1.WorkstationConfig.encryption_key]
    is set, it must be greater than `"0s"` and less than
    `"86400s"` (24 hours).
    Warning: A value of `"0s"` indicates that Cloud Workstations VMs created
    with this configuration have no maximum running time. This is strongly
    discouraged because you incur costs and will not pick up security updates.
  type: string
required:
- parentRef
type: object
status:
description: WorkstationConfigStatus defines the config connector machine
state of WorkstationConfig
properties:
conditions:
description: Conditions represent the latest available observations
of the object's current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition. Can be True,
False, Unknown.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
externalRef:
description: A unique specifier for the WorkstationConfig resource
in GCP.
type: string
observedGeneration:
description: ObservedGeneration is the generation of the resource
that was most recently observed by the Config Connector controller.
If this is equal to metadata.generation, then that means that the
current reported status reflects the most recent desired state of
the resource.
format: int64
type: integer
observedState:
description: ObservedState is the state of the resource as most recently
observed in GCP.
properties:
createTime:
description: Output only. Time when this workstation configuration
was created.
type: string
degraded:
description: Output only. Whether this resource is degraded, in
which case it may require user action to restore full functionality.
See also the [conditions][google.cloud.workstations.v1.WorkstationConfig.conditions]
field.
type: boolean
deleteTime:
description: Output only. Time when this workstation configuration
was soft-deleted.
type: string
etag:
description: Output only. Checksum computed by the server. May
be sent on update and delete requests to make sure that the
client has an up-to-date value before proceeding.
type: string
gcpConditions:
description: Output only. Status conditions describing the current
resource state.
items:
properties:
code:
description: The status code, which should be an enum value
of [google.rpc.Code][google.rpc.Code].
format: int32
type: integer
message:
description: A developer-facing error message, which should
be in English. Any user-facing error message should be
localized and sent in the [google.rpc.Status.details][google.rpc.Status.details]
field, or localized by the client.
type: string
type: object
type: array
host:
description: Output only. Observed state of the runtime host for
the workstation configuration.
properties:
gceInstance:
description: Output only. Observed state of the Compute Engine
runtime host for the workstation configuration.
properties:
pooledInstances:
description: Output only. Number of instances currently
available in the pool for faster workstation startup.
format: int32
type: integer
type: object
type: object
uid:
description: Output only. A system-assigned unique identifier
for this workstation configuration.
type: string
updateTime:
description: Output only. Time when this workstation configuration
was most recently updated.
type: string
type: object
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: When 'True', the most recent reconcile of the resource succeeded
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: The reason for the value in 'Ready'
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Status
type: string
- description: The last transition time for the value in 'Status'
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
name: Status Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: WorkstationConfig is the Schema for the WorkstationConfig API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: WorkstationConfigSpec defines the desired state of WorkstationConfig
properties:
annotations:
description: Optional. Client-specified annotations.
items:
properties:
key:
description: Key for the annotation.
type: string
value:
description: Value for the annotation.
type: string
type: object
type: array
container:
description: Optional. Container that runs upon startup for each workstation
using this workstation configuration.
properties:
args:
description: Optional. Arguments passed to the entrypoint.
items:
type: string
type: array
command:
description: Optional. If set, overrides the default ENTRYPOINT
specified by the image.
items:
type: string
type: array
env:
  # NOTE(review): `value` is a plain string held in the resource spec. This schema
  # offers no secret-reference form (nothing like valueFrom/secretKeyRef), so
  # anything put here is readable by anyone who can get the WorkstationConfig
  # object and is passed to every workstation container built from this config.
  # Keep credentials out of these values.
  description: Optional. Environment variables passed to the container's
    entrypoint.
  items:
    properties:
      name:
        description: Name is the name of the environment variable.
        type: string
      value:
        description: Value is the value of the environment variable.
        type: string
    type: object
  type: array
image:
description: |-
Optional. A Docker container image that defines a custom environment.
Cloud Workstations provides a number of
[preconfigured
images](https://cloud.google.com/workstations/docs/preconfigured-base-images),
but you can create your own
[custom container
images](https://cloud.google.com/workstations/docs/custom-container-images).
If using a private image, the `host.gceInstance.serviceAccountRef` field
must be specified in the workstation configuration and must have
permission to pull the specified image. Otherwise, the image must be
publicly accessible.
type: string
runAsUser:
  # NOTE(review): any int32 is accepted here (no minimum is declared). A value of 0
  # would run the entrypoint as root inside the workstation container; leave this
  # unset to keep the image's USER, or choose an unprivileged uid.
  description: Optional. If set, overrides the USER specified in
    the image with the given uid.
  format: int32
  type: integer
workingDir:
description: Optional. If set, overrides the default DIR specified
by the image.
type: string
type: object
displayName:
description: Optional. Human-readable name for this workstation configuration.
type: string
encryptionKey:
description: |-
Immutable. Encrypts resources of this workstation configuration using a
customer-managed encryption key (CMEK).
If specified, the boot disk of the Compute Engine instance and the
persistent disk are encrypted using this encryption key. If
this field is not set, the disks are encrypted using a generated
key. Customer-managed encryption keys do not protect disk metadata.
If the customer-managed encryption key is rotated, when the workstation
instance is stopped, the system attempts to recreate the
persistent disk with the new version of the key. Be sure to keep
older versions of the key until the persistent disk is recreated.
Otherwise, data on the persistent disk might be lost.
If the encryption key is revoked, the workstation session automatically
stops within 7 hours.
Immutable after the workstation configuration is created.
properties:
kmsCryptoKeyRef:
description: Immutable. A reference to the Google Cloud KMS encryption
key. For example, `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`.
The key must be in the same region as the workstation configuration.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: A reference to an externally managed KMSCryptoKey.
Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`.
type: string
name:
description: The `name` of a `KMSCryptoKey` resource.
type: string
namespace:
description: The `namespace` of a `KMSCryptoKey` resource.
type: string
type: object
serviceAccountRef:
description: Immutable. A reference to a service account to use
with the specified KMS key. We recommend that you use a separate
service account and follow KMS best practices. For more information,
see [Separation of duties](https://cloud.google.com/kms/docs/separation-of-duties)
and `gcloud kms keys add-iam-policy-binding` [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: The `email` field of an `IAMServiceAccount` resource.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
type: object
host:
description: Optional. Runtime host for the workstation.
properties:
gceInstance:
description: Specifies a Compute Engine instance as the host.
properties:
bootDiskSizeGB:
description: Optional. The size of the boot disk for the VM
in gigabytes (GB). The minimum boot disk size is `30` GB.
Defaults to `50` GB.
format: int32
type: integer
confidentialInstanceConfig:
description: Optional. A set of Compute Engine Confidential
VM instance options.
properties:
enableConfidentialCompute:
description: Optional. Whether the instance has confidential
compute enabled.
type: boolean
type: object
disablePublicIPAddresses:
  # NOTE(review): defaults to false, so workstation VMs get a public IP address
  # unless this is explicitly set to true. When enabling it, Private Google Access
  # or Cloud NAT must already be in place so the VM can still reach Google APIs
  # (registry, logging) — see the description for the DNS records needed.
  description: Optional. When set to true, disables public IP
    addresses for VMs. If you disable public IP addresses, you
    must set up Private Google Access or Cloud NAT on your network.
    If you use Private Google Access and you use `private.googleapis.com`
    or `restricted.googleapis.com` for Container Registry and
    Artifact Registry, make sure that you set up DNS records
    for domains `*.gcr.io` and `*.pkg.dev`. Defaults to false
    (VMs have public IP addresses).
  type: boolean
enableNestedVirtualization:
description: |-
Optional. Whether to enable nested virtualization on Cloud Workstations
VMs created under this workstation configuration.
Nested virtualization lets you run virtual machine (VM) instances
inside your workstation. Before enabling nested virtualization,
consider the following important considerations. Cloud Workstations
instances are subject to the [same restrictions as Compute Engine
instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions):
* **Organization policy**: projects, folders, or
organizations may be restricted from creating nested VMs if the
**Disable VM nested virtualization** constraint is enforced in
the organization policy. For more information, see the
Compute Engine section,
[Checking whether nested virtualization is
allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed).
* **Performance**: nested VMs might experience a 10% or greater
decrease in performance for workloads that are CPU-bound and
possibly greater than a 10% decrease for workloads that are
input/output bound.
* **Machine Type**: nested virtualization can only be enabled on
workstation configurations that specify a
[machine_type][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.machine_type]
in the N1 or N2 machine series.
* **GPUs**: nested virtualization may not be enabled on workstation
configurations with accelerators.
* **Operating System**: Because
[Container-Optimized
OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos)
does not support nested virtualization, when nested virtualization is
enabled, the underlying Compute Engine VM instances boot from an
[Ubuntu
LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts)
image.
type: boolean
machineType:
description: Optional. The type of machine to use for VM instances—for
example, `"e2-standard-4"`. For more information about machine
types that Cloud Workstations supports, see the list of
[available machine types](https://cloud.google.com/workstations/docs/available-machine-types).
type: string
poolSize:
description: Optional. The number of VMs that the system should
keep idle so that new workstations can be started quickly
for new users. Defaults to `0` in the API.
format: int32
type: integer
serviceAccountRef:
description: |-
Optional. A reference to the service account for Cloud
Workstations VMs created with this configuration. When specified, be
sure that the service account has `logging.logEntries.create` permission
on the project so it can write logs out to Cloud Logging. If using a
custom container image, the service account must have permissions to
pull the specified image.
If you as the administrator want to be able to `ssh` into the
underlying VM, you need to set this value to a service account
for which you have the `iam.serviceAccounts.actAs` permission.
Conversely, if you don't want anyone to be able to `ssh` into the
underlying VM, use a service account where no one has that
permission.
If not set, VMs run with a service account provided by the
Cloud Workstations service, and the image must be publicly
accessible.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: The `email` field of an `IAMServiceAccount`
resource.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
serviceAccountScopes:
description: Optional. Scopes to grant to the [service_account][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.service_account].
Various scopes are automatically added based on feature
usage. When specified, users of workstations under this
configuration must have `iam.serviceAccounts.actAs` on the
service account.
items:
type: string
type: array
shieldedInstanceConfig:
description: Optional. A set of Compute Engine Shielded instance
options.
properties:
enableIntegrityMonitoring:
description: Optional. Whether the instance has integrity
monitoring enabled.
type: boolean
enableSecureBoot:
description: Optional. Whether the instance has Secure
Boot enabled.
type: boolean
enableVTPM:
description: Optional. Whether the instance has the vTPM
enabled.
type: boolean
type: object
tags:
description: Optional. Network tags to add to the Compute
Engine VMs backing the workstations. This option applies
[network tags](https://cloud.google.com/vpc/docs/add-remove-network-tags)
to VMs created with this configuration. These network tags
enable the creation of [firewall rules](https://cloud.google.com/workstations/docs/configure-firewall-rules).
items:
type: string
type: array
type: object
type: object
idleTimeout:
description: |-
Optional. Number of seconds to wait before automatically stopping a
workstation after it last received user traffic.
A value of `"0s"` indicates that Cloud Workstations VMs created with this
configuration should never time out due to idleness.
Provide
[duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration)
terminated by `s` for seconds—for example, `"7200s"` (2 hours).
The default is `"1200s"` (20 minutes).
type: string
labels:
description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources)
that are applied to the workstation configuration and that are also
propagated to the underlying Compute Engine resources.
items:
properties:
key:
description: Key for the label.
type: string
value:
description: Value for the label.
type: string
type: object
type: array
parentRef:
description: Parent is a reference to the parent WorkstationCluster
for this WorkstationConfig.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: A reference to an externally managed WorkstationCluster
resource. Should be in the format "projects/{{projectID}}/locations/{{location}}/workstationClusters/{{workstationclusterID}}".
type: string
name:
description: The name of a WorkstationCluster resource.
type: string
namespace:
description: The namespace of a WorkstationCluster resource.
type: string
type: object
persistentDirectories:
description: Optional. Directories to persist across workstation sessions.
items:
properties:
gcePD:
description: A PersistentDirectory backed by a Compute Engine
persistent disk.
properties:
diskType:
description: Optional. The [type of the persistent disk](https://cloud.google.com/compute/docs/disks#disk-types)
for the home directory. Defaults to `"pd-standard"`.
type: string
fsType:
description: Optional. Type of file system that the disk
should be formatted with. The workstation image must support
this file system type. Must be empty if [source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot]
is set. Defaults to `"ext4"`.
type: string
reclaimPolicy:
description: Optional. Whether the persistent disk should
be deleted when the workstation is deleted. Valid values
are `DELETE` and `RETAIN`. Defaults to `DELETE`. With `RETAIN`,
the disk and whatever data it holds remain in the project until
deleted separately, so plan for their cleanup.
type: string
sizeGB:
description: |-
Optional. The GB capacity of a persistent home directory for each
workstation created with this configuration. Must be empty if
[source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot]
is set.
Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`.
Defaults to `200`. If less than `200` GB, the
[disk_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.disk_type]
must be
`"pd-balanced"` or `"pd-ssd"`.
format: int32
type: integer
sourceSnapshot:
description: Optional. Name of the snapshot to use as the
source for the disk. If set, [size_gb][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.size_gb]
and [fs_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.fs_type]
must be empty.
type: string
type: object
mountPath:
description: Optional. Location of this directory in the running
workstation.
type: string
type: object
type: array
readinessChecks:
description: Optional. Readiness checks to perform when starting a
workstation using this workstation configuration. Mark a workstation
as running only after all specified readiness checks return 200
status codes.
items:
properties:
path:
description: Optional. Path to which the request should be sent.
type: string
port:
description: Optional. Port to which the request should be sent.
format: int32
type: integer
type: object
type: array
replicaZones:
description: |-
Optional. Immutable. Specifies the zones used to replicate the VM and disk
resources within the region. If set, exactly two zones within the
workstation cluster's region must be specified—for example,
`['us-central1-a', 'us-central1-f']`. If this field is empty, two default
zones within the region are used.
Immutable after the workstation configuration is created.
items:
type: string
type: array
resourceID:
description: The WorkstationConfig name. If not given, the metadata.name
will be used.
type: string
runningTimeout:
description: |-
Optional. Number of seconds that a workstation can run until it is
automatically shut down. We recommend that workstations be shut down daily
to reduce costs and so that security updates can be applied upon restart.
The
[idle_timeout][google.cloud.workstations.v1.WorkstationConfig.idle_timeout]
and
[running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout]
fields are independent of each other. Note that the
[running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout]
field shuts down VMs after the specified time, regardless of whether or not
the VMs are idle.
Provide duration terminated by `s` for seconds—for example, `"54000s"`
(15 hours). Defaults to `"43200s"` (12 hours). A value of `"0s"` indicates
that workstations using this configuration should never time out. If
[encryption_key][google.cloud.workstations.v1.WorkstationConfig.encryption_key]
is set, it must be greater than `"0s"` and less than
`"86400s"` (24 hours).
Warning: A value of `"0s"` indicates that Cloud Workstations VMs created
with this configuration have no maximum running time. This is strongly
discouraged because you incur costs and will not pick up security updates.
type: string
required:
- parentRef
type: object
status:
description: WorkstationConfigStatus defines the config connector machine
state of WorkstationConfig
properties:
conditions:
description: Conditions represent the latest available observations
of the object's current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition. Can be True,
False, Unknown.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
externalRef:
description: A unique specifier for the WorkstationConfig resource
in GCP.
type: string
observedGeneration:
description: ObservedGeneration is the generation of the resource
that was most recently observed by the Config Connector controller.
If this is equal to metadata.generation, then that means that the
current reported status reflects the most recent desired state of
the resource.
format: int64
type: integer
observedState:
description: ObservedState is the state of the resource as most recently
observed in GCP.
properties:
createTime:
description: Output only. Time when this workstation configuration
was created.
type: string
degraded:
description: Output only. Whether this resource is degraded, in
which case it may require user action to restore full functionality.
See also the [conditions][google.cloud.workstations.v1.WorkstationConfig.conditions]
field.
type: boolean
deleteTime:
description: Output only. Time when this workstation configuration
was soft-deleted.
type: string
etag:
description: Output only. Checksum computed by the server. May
be sent on update and delete requests to make sure that the
client has an up-to-date value before proceeding.
type: string
gcpConditions:
description: Output only. Status conditions describing the current
resource state.
items:
properties:
code:
description: The status code, which should be an enum value
of [google.rpc.Code][google.rpc.Code].
format: int32
type: integer
message:
description: A developer-facing error message, which should
be in English. Any user-facing error message should be
localized and sent in the [google.rpc.Status.details][google.rpc.Status.details]
field, or localized by the client.
type: string
type: object
type: array
host:
description: Output only. Observed state of the runtime host for
the workstation configuration.
properties:
gceInstance:
description: Output only. Observed state of the Compute Engine
runtime host for the workstation configuration.
properties:
pooledInstances:
description: Output only. Number of instances currently
available in the pool for faster workstation startup.
format: int32
type: integer
type: object
type: object
uid:
description: Output only. A system-assigned unique identifier
for this workstation configuration.
type: string
updateTime:
description: Output only. Time when this workstation configuration
was most recently updated.
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null