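package gcp

// FeatureSwitch indicates whether the feature is enabled or disabled.
type FeatureSwitch string

// OnHostMaintenanceType indicates the setting for the OnHostMaintenance feature, but this is only
// applicable when ConfidentialCompute is Enabled.
type OnHostMaintenanceType string

const (
	// EnabledFeature indicates that the feature is configured as enabled.
	EnabledFeature FeatureSwitch = "Enabled"

	// DisabledFeature indicates that the feature is configured as disabled.
	DisabledFeature FeatureSwitch = "Disabled"

	// OnHostMaintenanceMigrate is the default, and it indicates that the OnHostMaintenance feature is set to Migrate.
	OnHostMaintenanceMigrate OnHostMaintenanceType = "Migrate"

	// OnHostMaintenanceTerminate indicates that the OnHostMaintenance feature is set to Terminate.
	OnHostMaintenanceTerminate OnHostMaintenanceType = "Terminate"
)

// MachinePool stores the configuration for a machine pool installed on GCP.
type MachinePool struct {
	// Zones is the list of availability zones that can be used.
	//
	// +optional
	Zones []string `json:"zones,omitempty"`

	// InstanceType defines the GCP instance type.
	// eg. n1-standard-4
	//
	// +optional
	InstanceType string `json:"type"`

	// OSDisk defines the storage for the instance.
	//
	// +optional
	OSDisk `json:"osDisk"`

	// OSImage defines a custom image for the instance.
	//
	// +optional
	OSImage *OSImage `json:"osImage,omitempty"`

	// Tags defines a set of network tags which will be added to instances in the machineset.
	//
	// +optional
	Tags []string `json:"tags,omitempty"`

	// SecureBoot defines whether the instance should have secure boot enabled.
	// Secure boot verifies the digital signature of all boot components and halts the boot process if signature verification fails.
	// If omitted, the platform chooses a default, which is subject to change over time, currently that default is false.
	// +kubebuilder:validation:Enum=Enabled;Disabled
	// +optional
	SecureBoot string `json:"secureBoot,omitempty"`

	// OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot.
	// Allowed values are "Migrate" and "Terminate".
	// If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate".
	// +kubebuilder:default="Migrate"
	// +default="Migrate"
	// +kubebuilder:validation:Enum=Migrate;Terminate;
	// +optional
	OnHostMaintenance string `json:"onHostMaintenance,omitempty"`

	// ConfidentialCompute defines whether the instance should have confidential compute enabled.
	// If enabled, OnHostMaintenance is required to be set to "Terminate".
	// If omitted, the platform chooses a default, which is subject to change over time, currently that default is false.
	// +kubebuilder:default="Disabled"
	// +default="Disabled"
	// +kubebuilder:validation:Enum=Enabled;Disabled
	// +optional
	ConfidentialCompute string `json:"confidentialCompute,omitempty"`

	// ServiceAccount is the email of a GCP service account to be used during installations.
	// The provided service account can be attached to both control-plane nodes
	// and worker nodes in order to provide the permissions required by the cloud provider.
	//
	// +optional
	ServiceAccount string `json:"serviceAccount,omitempty"`
}

// OSDisk defines the disk for machines on GCP.
type OSDisk struct {
	// DiskType defines the type of disk.
	// For control plane nodes, the valid value is pd-ssd.
	// +optional
	// +kubebuilder:validation:Enum=pd-balanced;pd-ssd;pd-standard;hyperdisk-balanced
	DiskType string `json:"diskType"`

	// DiskSizeGB defines the size of disk in GB.
	//
	// +kubebuilder:validation:Minimum=16
	// +kubebuilder:validation:Maximum=65536
	DiskSizeGB int64 `json:"DiskSizeGB"`

	// EncryptionKey defines the KMS key to be used to encrypt the disk.
	//
	// +optional
	EncryptionKey *EncryptionKeyReference `json:"encryptionKey,omitempty"`
}

// OSImage defines the image to use for the OS.
type OSImage struct {
	// Name defines the name of the image.
	//
	// +required
	Name string `json:"name"`

	// Project defines the name of the project containing the image.
	//
	// +required
	Project string `json:"project"`
}

// Set overlays the populated values of required onto a, field by field.
//
// A field of required that holds its zero value ("" for strings, 0 for
// DiskSizeGB, nil for pointers, an empty Zones list) leaves the matching field
// of a untouched, so an override can replace a value but never clear one. Tags
// is the exception: any non-nil slice, including an empty one, replaces a.Tags.
// A nil receiver or a nil required makes the call a no-op.
//
// Zones, Tags and OSImage are copied, so a never shares backing storage with
// required; changing one pool afterwards cannot alter the other. EncryptionKey
// is merged into a's own EncryptionKeyReference by that type's Set method.
//
// Set validates nothing. SecureBoot, OnHostMaintenance and ConfidentialCompute
// are plain strings here, so the compiler does not restrict them to the
// FeatureSwitch and OnHostMaintenanceType constants, and each is overlaid
// independently of the others. A merge can therefore yield ConfidentialCompute
// "Enabled" together with an OnHostMaintenance other than "Terminate", which
// the ConfidentialCompute field documents as not allowed. Validate the merged
// pool, not only the individual inputs.
func (a *MachinePool) Set(required *MachinePool) {
	if required == nil || a == nil {
		return
	}

	if len(required.Zones) > 0 {
		// Copy so that later edits to a.Zones cannot reach required's backing array.
		a.Zones = append([]string{}, required.Zones...)
	}

	if required.InstanceType != "" {
		a.InstanceType = required.InstanceType
	}

	if required.Tags != nil {
		// Tested against nil rather than length: an explicit empty list still
		// replaces a.Tags. The copy is non-nil even when it is empty.
		a.Tags = append([]string{}, required.Tags...)
	}

	if required.OSDisk.DiskSizeGB > 0 {
		a.OSDisk.DiskSizeGB = required.OSDisk.DiskSizeGB
	}

	if required.OSDisk.DiskType != "" {
		a.OSDisk.DiskType = required.OSDisk.DiskType
	}

	if required.OSImage != nil {
		// Copy the struct instead of sharing the pointer, in line with the
		// deep merge used for EncryptionKey below.
		image := *required.OSImage
		a.OSImage = &image
	}

	// EncryptionKey is promoted from the embedded OSDisk.
	if required.EncryptionKey != nil {
		if a.EncryptionKey == nil {
			a.EncryptionKey = &EncryptionKeyReference{}
		}
		a.EncryptionKey.Set(required.EncryptionKey)
	}

	if required.SecureBoot != "" {
		a.SecureBoot = required.SecureBoot
	}

	if required.OnHostMaintenance != "" {
		a.OnHostMaintenance = required.OnHostMaintenance
	}

	if required.ConfidentialCompute != "" {
		a.ConfidentialCompute = required.ConfidentialCompute
	}

	if required.ServiceAccount != "" {
		a.ServiceAccount = required.ServiceAccount
	}
}

// EncryptionKeyReference describes the encryptionKey to use for a disk's encryption.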
type EncryptionKeyReference struct {
	// KMSKey references the KMS key used for the encryption.
	//
	// +optional
	KMSKey *KMSKeyReference `json:"kmsKey,omitempty"`

	// KMSKeyServiceAccount is the service account used for the encryption
	// request against the given KMS key. When it is absent, the Compute
	// Engine default service account is used.
	// See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account
	// for details on the default service account.
	//
	// +optional
	KMSKeyServiceAccount string `json:"kmsKeyServiceAccount,omitempty"`
}

// Set overlays the populated values of required onto e.
//
// An empty KMSKeyServiceAccount or a nil KMSKey in required leaves the
// matching field of e untouched. When required carries a KMSKey and e has
// none, e gets its own KMSKeyReference, which is then filled through
// KMSKeyReference.Set; the pointer held by required is never stored in e.
// A nil receiver or a nil required makes the call a no-op.
func (e *EncryptionKeyReference) Set(required *EncryptionKeyReference) {
	if e == nil || required == nil {
		return
	}

	if account := required.KMSKeyServiceAccount; account != "" {
		e.KMSKeyServiceAccount = account
	}

	override := required.KMSKey
	if override == nil {
		return
	}
	if e.KMSKey == nil {
		e.KMSKey = new(KMSKeyReference)
	}
	e.KMSKey.Set(override)
}

// KMSKeyReference gathers the fields required to look up a GCP KMS key.
type KMSKeyReference struct {
	// Name is the name of the customer managed encryption key to be used for the disk encryption.
	Name string `json:"name"`

	// KeyRing is the name of the KMS Key Ring which the KMS Key belongs to.
	KeyRing string `json:"keyRing"`

	// ProjectID is the ID of the Project in which the KMS Key Ring exists.
	// Defaults to the VM ProjectID if not set.
	//
	// +optional
	ProjectID string `json:"projectID,omitempty"`

	// Location is the GCP location in which the Key Ring exists.
	Location string `json:"location"`
}

// Set sets the values from `required` to `k`.
//
// Only the non-empty strings of required are copied; every other field of k
// keeps its current value. The merged reference can therefore combine parts of
// two different sources, for example a Name from required with a KeyRing that
// was already in k. Set does not check that the result names a complete key,
// so validate the reference after merging.
// A nil receiver or a nil required makes the call a no-op.
func (k *KMSKeyReference) Set(required *KMSKeyReference) {
	if k == nil || required == nil {
		return
	}

	// Destination and override value, listed in struct field order.
	overrides := []struct {
		dst *string
		val string
	}{
		{&k.Name, required.Name},
		{&k.KeyRing, required.KeyRing},
		{&k.ProjectID, required.ProjectID},
		{&k.Location, required.Location},
	}
	for _, o := range overrides {
		if o.val != "" {
			*o.dst = o.val
		}
	}
}