import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* > **Note**: Global instance templates can be used in any region. To lower the impact of outages outside your region and gain data residency within your region, use `gcp.compute.RegionInstanceTemplate` (Terraform `google_compute_region_instance_template`).
*
* Manages a VM instance template resource within GCE. For more information see
* [the official documentation](https://cloud.google.com/compute/docs/instance-templates)
* and
* [API](https://cloud.google.com/compute/docs/reference/latest/instanceTemplates).
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.serviceaccount.Account("default", {
* accountId: "service-account-id",
* displayName: "Service Account",
* });
* const myImage = gcp.compute.getImage({
* family: "debian-11",
* project: "debian-cloud",
* });
* const foobar = new gcp.compute.Disk("foobar", {
* name: "existing-disk",
* image: myImage.then(myImage => myImage.selfLink),
* size: 10,
* type: "pd-ssd",
* zone: "us-central1-a",
* });
* const dailyBackup = new gcp.compute.ResourcePolicy("daily_backup", {
* name: "every-day-4am",
* region: "us-central1",
* snapshotSchedulePolicy: {
* schedule: {
* dailySchedule: {
* daysInCycle: 1,
* startTime: "04:00",
* },
* },
* },
* });
* const defaultInstanceTemplate = new gcp.compute.InstanceTemplate("default", {
* name: "appserver-template",
* description: "This template is used to create app server instances.",
* tags: [
* "foo",
* "bar",
* ],
* labels: {
* environment: "dev",
* },
* instanceDescription: "description assigned to instances",
* machineType: "e2-medium",
* canIpForward: false,
* scheduling: {
* automaticRestart: true,
* onHostMaintenance: "MIGRATE",
* },
* disks: [
* {
* sourceImage: "debian-cloud/debian-11",
* autoDelete: true,
* boot: true,
* resourcePolicies: dailyBackup.id,
* },
* {
* source: foobar.name,
* autoDelete: false,
* boot: false,
* },
* ],
* networkInterfaces: [{
* network: "default",
* }],
* metadata: {
* foo: "bar",
* },
* serviceAccount: {
* email: _default.email,
* scopes: ["cloud-platform"],
* },
* });
* ```
*
* ### Automatic Envoy Deployment
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = gcp.compute.getDefaultServiceAccount({});
* const myImage = gcp.compute.getImage({
* family: "debian-11",
* project: "debian-cloud",
* });
* const foobar = new gcp.compute.InstanceTemplate("foobar", {
* name: "appserver-template",
* machineType: "e2-medium",
* canIpForward: false,
* tags: [
* "foo",
* "bar",
* ],
* disks: [{
* sourceImage: myImage.then(myImage => myImage.selfLink),
* autoDelete: true,
* boot: true,
* }],
* networkInterfaces: [{
* network: "default",
* }],
* scheduling: {
* preemptible: false,
* automaticRestart: true,
* },
* metadata: {
* "gce-software-declaration": `{
* "softwareRecipes": [{
* "name": "install-gce-service-proxy-agent",
* "desired_state": "INSTALLED",
* "installSteps": [{
* "scriptRun": {
* "script": "#! /bin/bash\\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\\nsudo gsutil cp gs://gce-service-proxy-"$ZONE"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz "$SERVICE_PROXY_AGENT_DIRECTORY" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz "$SERVICE_PROXY_AGENT_DIRECTORY"\\nsudo tar -xzf "$SERVICE_PROXY_AGENT_DIRECTORY"/service-proxy-agent-0.2.tgz -C "$SERVICE_PROXY_AGENT_DIRECTORY"\\n"$SERVICE_PROXY_AGENT_DIRECTORY"/service-proxy-agent/service-proxy-agent-bootstrap.sh"
* }
* }]
* }]
* }
* `,
* "gce-service-proxy": `{
* "api-version": "0.2",
* "proxy-spec": {
* "proxy-port": 15001,
* "network": "my-network",
* "tracing": "ON",
* "access-log": "/var/log/envoy/access.log"
* },
* "service": {
* "serving-ports": [80, 81]
* },
* "labels": {
* "app_name": "bookserver_app",
* "app_version": "STABLE"
* }
* }
* `,
* "enable-guest-attributes": "true",
* "enable-osconfig": "true",
* },
* serviceAccount: {
* email: _default.then(_default => _default.email),
* scopes: ["cloud-platform"],
* },
* labels: {
* "gce-service-proxy": "on",
* },
* });
* ```
*
* ### Confidential Computing
*
* Example with [Confidential Mode](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview) activated.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const _default = new gcp.serviceaccount.Account("default", {
* accountId: "my-custom-sa",
* displayName: "Custom SA for VM Instance",
* });
* const confidentialInstanceTemplate = new gcp.compute.InstanceTemplate("confidential_instance_template", {
* networkInterfaces: [{
* accessConfigs: [{}],
* network: "default",
* }],
* name: "my-confidential-instance-template",
* region: "us-central1",
* machineType: "n2d-standard-2",
* minCpuPlatform: "AMD Milan",
* confidentialInstanceConfig: {
* enableConfidentialCompute: true,
* confidentialInstanceType: "SEV",
* },
* disks: [{
* sourceImage: "ubuntu-os-cloud/ubuntu-2204-lts",
* }],
* serviceAccount: {
* email: _default.email,
* scopes: ["cloud-platform"],
* },
* });
* ```
*
* ## Deploying the Latest Image
*
* A common way to use instance templates and managed instance groups is to deploy the
* latest image in a family, usually the latest build of your application. There are two
* ways to do this in the provider, and they have their pros and cons. The difference ends
* up being in how "latest" is interpreted. You can either deploy the latest image available
* when the provider runs, or you can have each instance check what the latest image is when
* it's being created, either as part of a scaling event or being rebuilt by the instance
* group manager.
*
* If you're not sure, we recommend deploying the latest image available when the provider runs,
* because this means all the instances in your group will always be based on the same image,
* and no upgrades or changes to your instances happen outside of a `pulumi up`.
* You can achieve this by using the `gcp.compute.getImage`
* function, which will retrieve the latest image on every `pulumi up`, and will update
* the template to use that specific image:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const myImage = gcp.compute.getImage({
* family: "debian-11",
* project: "debian-cloud",
* });
* const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
* namePrefix: "instance-template-",
* machineType: "e2-medium",
* region: "us-central1",
* disks: [{
* sourceImage: myImage.then(myImage => myImage.selfLink),
* }],
* });
* ```
*
* To have instances update to the latest on every scaling event or instance re-creation,
* use the family as the image for the disk, and it will use GCP's default behavior, setting
* the image for the template to the family:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
* namePrefix: "instance-template-",
* machineType: "e2-medium",
* region: "us-central1",
* disks: [{
* sourceImage: "debian-cloud/debian-11",
* }],
* });
* ```
*
* ## Import
*
* Instance templates can be imported using any of these accepted formats:
*
* * `projects/{{project}}/global/instanceTemplates/{{name}}`
*
* * `{{project}}/{{name}}`
*
* * `{{name}}`
*
* When using the `pulumi import` command, instance templates can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default projects/{{project}}/global/instanceTemplates/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{project}}/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{name}}
* ```
*/
export declare class InstanceTemplate extends pulumi.CustomResource {
/**
* Get an existing InstanceTemplate resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The InstanceTemplate resource for the existing state.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceTemplateState, opts?: pulumi.CustomResourceOptions): InstanceTemplate;
/**
* Returns true if the given object is an instance of InstanceTemplate. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test.
*/
static isInstance(obj: any): obj is InstanceTemplate;
/**
* Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below.
*/
readonly advancedMachineFeatures: pulumi.Output<outputs.compute.InstanceTemplateAdvancedMachineFeatures | undefined>;
/**
* Whether to allow sending and receiving of
* packets with non-matching source or destination IPs. This defaults to false.
*
* Leave this off unless instances created from the template are meant to route traffic
* (for example a NAT or gateway appliance): when enabled, an instance may send packets
* whose source address is not its own.
*/
readonly canIpForward: pulumi.Output<boolean | undefined>;
/**
* Enable [Confidential Mode](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) on this VM. Structure is documented below.
*/
readonly confidentialInstanceConfig: pulumi.Output<outputs.compute.InstanceTemplateConfidentialInstanceConfig>;
/**
* Creation timestamp in RFC3339 text format.
*/
readonly creationTimestamp: pulumi.Output<string>;
/**
* A brief description of this resource.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Disks to attach to instances created from this template.
* This can be specified multiple times for multiple disks. Structure is
* documented below.
*/
readonly disks: pulumi.Output<outputs.compute.InstanceTemplateDisk[]>;
/**
* All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
readonly effectiveLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Enable [Virtual Displays](https://cloud.google.com/compute/docs/instances/enable-instance-virtual-display#verify_display_driver) on this instance.
* **Note**: `allowStoppingForUpdate` must be set to true in order to update this field.
*
* NOTE(review): this class declares no `allowStoppingForUpdate` property; confirm that the
* note above applies to instance templates.
*/
readonly enableDisplay: pulumi.Output<boolean | undefined>;
/**
* List of the type and count of accelerator cards attached to the instance. Structure documented below.
*/
readonly guestAccelerators: pulumi.Output<outputs.compute.InstanceTemplateGuestAccelerator[] | undefined>;
/**
* A brief description to use for instances
* created from this template.
*/
readonly instanceDescription: pulumi.Output<string | undefined>;
/**
* Action to be taken when a customer's encryption key is revoked. Supports `STOP` and `NONE`, with `NONE` being the default.
*/
readonly keyRevocationActionType: pulumi.Output<string | undefined>;
/**
* A set of key/value label pairs to assign to instances
* created from this template.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the `effectiveLabels` field for all of the labels present on the resource.
*/
readonly labels: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The machine type to create. To create a machine with a custom type (such as extended memory), format the value as `custom-VCPUS-MEM_IN_MB`, e.g. `custom-6-20480` for 6 vCPU and 20GB of RAM.
*/
readonly machineType: pulumi.Output<string>;
/**
* Metadata key/value pairs to make available from
* within instances created from this template.
*
* Every value is readable from inside the instances and is kept in the template itself,
* so do not place secrets (passwords, API keys, private keys) here.
*/
readonly metadata: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The unique fingerprint of the metadata.
*/
readonly metadataFingerprint: pulumi.Output<string>;
/**
* An alternative to using the
* startup-script metadata key, mostly to match the computeInstance resource.
* This replaces the startup-script metadata key on the created instance and
* thus the two mechanisms are not allowed to be used simultaneously.
*
* NOTE(review): as with any startup-script metadata, the script text is stored with the
* template and is expected to run on the instance at boot; review it as code and keep
* credentials out of it.
*/
readonly metadataStartupScript: pulumi.Output<string | undefined>;
/**
* Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as
* `Intel Haswell` or `Intel Skylake`. See the complete list [here](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
*/
readonly minCpuPlatform: pulumi.Output<string | undefined>;
/**
* The name of the instance template. If you leave
* this blank, the provider will auto-generate a unique name.
*/
readonly name: pulumi.Output<string>;
/**
* Creates a unique name beginning with the specified
* prefix. Conflicts with `name`. Max length is 54 characters.
* Prefixes with lengths longer than 37 characters will use a shortened
* UUID that will be more prone to collisions.
*
* Resulting name for a `namePrefix` <= 37 characters:
* `namePrefix` + YYYYmmddHHSSssss + 8 digit incremental counter
* Resulting name for a `namePrefix` 38 - 54 characters:
* `namePrefix` + YYmmdd + 3 digit incremental counter
*/
readonly namePrefix: pulumi.Output<string>;
/**
* Networks to attach to instances created from
* this template. This can be specified multiple times for multiple networks.
* Structure is documented below.
*/
readonly networkInterfaces: pulumi.Output<outputs.compute.InstanceTemplateNetworkInterface[] | undefined>;
/**
* (Optional) Configures network performance settings for the instance created from the
* template. Structure is documented below. **Note**: `machineType`
* must be a [supported type](https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration),
* the `image` used must include the [`GVNIC`](https://cloud.google.com/compute/docs/networking/using-gvnic#create-instance-gvnic-image)
* in `guest-os-features`, and `network_interface.0.nic-type` must be `GVNIC`
* in order for this setting to take effect.
*/
readonly networkPerformanceConfig: pulumi.Output<outputs.compute.InstanceTemplateNetworkPerformanceConfig | undefined>;
/**
* Numeric identifier of the resource.
*/
readonly numericId: pulumi.Output<string>;
/**
* Beta. Key/value pairs of partner metadata assigned to the instance template, where each key is a defined namespace and each value is a JSON string holding the entries associated with that namespace.
*/
readonly partnerMetadata: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The combination of labels configured directly on the resource and default labels configured on the provider.
*/
readonly pulumiLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* An instance template is a global resource that is not
* bound to a zone or a region. However, you can still specify some regional
* resources in an instance template, which restricts the template to the
* region where that resource resides. For example, a custom `subnetwork`
* resource is tied to a specific region. Defaults to the region of the
* Provider if no value is given.
*/
readonly region: pulumi.Output<string>;
/**
* Specifies the reservations that this instance can consume from.
* Structure is documented below.
*/
readonly reservationAffinity: pulumi.Output<outputs.compute.InstanceTemplateReservationAffinity | undefined>;
/**
* A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
*/
readonly resourceManagerTags: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* A list of selfLinks of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
* Note that the property is typed as a single string here, not an array.
*/
readonly resourcePolicies: pulumi.Output<string | undefined>;
/**
* The scheduling strategy to use. More details about
* this configuration option are detailed below.
*/
readonly scheduling: pulumi.Output<outputs.compute.InstanceTemplateScheduling>;
/**
* The URI of the created resource.
*/
readonly selfLink: pulumi.Output<string>;
/**
* A special URI of the created resource that uniquely identifies this instance template with the following format: `projects/{{project}}/global/instanceTemplates/{{name}}?uniqueId={{uniqueId}}`
* Referencing an instance template via this attribute prevents Time of Check to Time of Use (TOCTOU) attacks when the instance template resides in a shared/untrusted environment.
* Presumably this works because a template that is deleted and re-created under the same name
* gets a different `uniqueId`, so a reference made through this URI cannot silently resolve to
* the replacement, whereas `selfLink` identifies the template by name only.
*/
readonly selfLinkUnique: pulumi.Output<string>;
/**
* Service account to attach to the instance. Structure is documented below.
*
* When the account is given a broad access scope such as `cloud-platform`, what the instances
* can do is bounded by the IAM roles granted to the account, so prefer a dedicated account
* holding only the roles the workload needs.
*/
readonly serviceAccount: pulumi.Output<outputs.compute.InstanceTemplateServiceAccount | undefined>;
/**
* Enable [Shielded VM](https://cloud.google.com/security/shielded-cloud/shielded-vm) on this instance. Shielded VM provides verifiable integrity to protect against malware and rootkits. Defaults to disabled. Structure is documented below.
* **Note**: `shieldedInstanceConfig` can only be used with boot images with shielded vm support. See the complete list [here](https://cloud.google.com/compute/docs/images#shielded-images).
*/
readonly shieldedInstanceConfig: pulumi.Output<outputs.compute.InstanceTemplateShieldedInstanceConfig>;
/**
* Tags to attach to the instance.
*/
readonly tags: pulumi.Output<string[] | undefined>;
/**
* The unique fingerprint of the tags.
*/
readonly tagsFingerprint: pulumi.Output<string>;
/**
* Create an InstanceTemplate resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: InstanceTemplateArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering InstanceTemplate resources.
*/
export interface InstanceTemplateState {
/**
* Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below.
*/
advancedMachineFeatures?: pulumi.Input<inputs.compute.InstanceTemplateAdvancedMachineFeatures>;
/**
* Whether to allow sending and receiving of
* packets with non-matching source or destination IPs. This defaults to false.
*
* Leave this off unless instances created from the template are meant to route traffic
* (for example a NAT or gateway appliance): when enabled, an instance may send packets
* whose source address is not its own.
*/
canIpForward?: pulumi.Input<boolean>;
/**
* Enable [Confidential Mode](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) on this VM. Structure is documented below.
*/
confidentialInstanceConfig?: pulumi.Input<inputs.compute.InstanceTemplateConfidentialInstanceConfig>;
/**
* Creation timestamp in RFC3339 text format.
*/
creationTimestamp?: pulumi.Input<string>;
/**
* A brief description of this resource.
*/
description?: pulumi.Input<string>;
/**
* Disks to attach to instances created from this template.
* This can be specified multiple times for multiple disks. Structure is
* documented below.
*/
disks?: pulumi.Input<pulumi.Input<inputs.compute.InstanceTemplateDisk>[]>;
/**
* All labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
effectiveLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Enable [Virtual Displays](https://cloud.google.com/compute/docs/instances/enable-instance-virtual-display#verify_display_driver) on this instance.
* **Note**: `allowStoppingForUpdate` must be set to true in order to update this field.
*
* NOTE(review): this interface declares no `allowStoppingForUpdate` property; confirm that the
* note above applies to instance templates.
*/
enableDisplay?: pulumi.Input<boolean>;
/**
* List of the type and count of accelerator cards attached to the instance. Structure documented below.
*/
guestAccelerators?: pulumi.Input<pulumi.Input<inputs.compute.InstanceTemplateGuestAccelerator>[]>;
/**
* A brief description to use for instances
* created from this template.
*/
instanceDescription?: pulumi.Input<string>;
/**
* Action to be taken when a customer's encryption key is revoked. Supports `STOP` and `NONE`, with `NONE` being the default.
*/
keyRevocationActionType?: pulumi.Input<string>;
/**
* A set of key/value label pairs to assign to instances
* created from this template.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the `effectiveLabels` field for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The machine type to create. To create a machine with a custom type (such as extended memory), format the value as `custom-VCPUS-MEM_IN_MB`, e.g. `custom-6-20480` for 6 vCPU and 20GB of RAM.
*/
machineType?: pulumi.Input<string>;
/**
* Metadata key/value pairs to make available from
* within instances created from this template.
*
* Every value is readable from inside the instances and is kept in the template itself,
* so do not place secrets (passwords, API keys, private keys) here.
*/
metadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The unique fingerprint of the metadata.
*/
metadataFingerprint?: pulumi.Input<string>;
/**
* An alternative to using the
* startup-script metadata key, mostly to match the computeInstance resource.
* This replaces the startup-script metadata key on the created instance and
* thus the two mechanisms are not allowed to be used simultaneously.
*
* NOTE(review): as with any startup-script metadata, the script text is stored with the
* template and is expected to run on the instance at boot; review it as code and keep
* credentials out of it.
*/
metadataStartupScript?: pulumi.Input<string>;
/**
* Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as
* `Intel Haswell` or `Intel Skylake`. See the complete list [here](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
*/
minCpuPlatform?: pulumi.Input<string>;
/**
* The name of the instance template. If you leave
* this blank, the provider will auto-generate a unique name.
*/
name?: pulumi.Input<string>;
/**
* Creates a unique name beginning with the specified
* prefix. Conflicts with `name`. Max length is 54 characters.
* Prefixes with lengths longer than 37 characters will use a shortened
* UUID that will be more prone to collisions.
*
* Resulting name for a `namePrefix` <= 37 characters:
* `namePrefix` + YYYYmmddHHSSssss + 8 digit incremental counter
* Resulting name for a `namePrefix` 38 - 54 characters:
* `namePrefix` + YYmmdd + 3 digit incremental counter
*/
namePrefix?: pulumi.Input<string>;
/**
* Networks to attach to instances created from
* this template. This can be specified multiple times for multiple networks.
* Structure is documented below.
*/
networkInterfaces?: pulumi.Input<pulumi.Input<inputs.compute.InstanceTemplateNetworkInterface>[]>;
/**
* (Optional) Configures network performance settings for the instance created from the
* template. Structure is documented below. **Note**: `machineType`
* must be a [supported type](https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration),
* the `image` used must include the [`GVNIC`](https://cloud.google.com/compute/docs/networking/using-gvnic#create-instance-gvnic-image)
* in `guest-os-features`, and `network_interface.0.nic-type` must be `GVNIC`
* in order for this setting to take effect.
*/
networkPerformanceConfig?: pulumi.Input<inputs.compute.InstanceTemplateNetworkPerformanceConfig>;
/**
* Numeric identifier of the resource.
*/
numericId?: pulumi.Input<string>;
/**
* Beta. Key/value pairs of partner metadata assigned to the instance template, where each key is a defined namespace and each value is a JSON string holding the entries associated with that namespace.
*/
partnerMetadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The combination of labels configured directly on the resource and default labels configured on the provider.
*/
pulumiLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* An instance template is a global resource that is not
* bound to a zone or a region. However, you can still specify some regional
* resources in an instance template, which restricts the template to the
* region where that resource resides. For example, a custom `subnetwork`
* resource is tied to a specific region. Defaults to the region of the
* Provider if no value is given.
*/
region?: pulumi.Input<string>;
/**
* Specifies the reservations that this instance can consume from.
* Structure is documented below.
*/
reservationAffinity?: pulumi.Input<inputs.compute.InstanceTemplateReservationAffinity>;
/**
* A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
*/
resourceManagerTags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* A list of selfLinks of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
* Note that the property is typed as a single string here, not an array.
*/
resourcePolicies?: pulumi.Input<string>;
/**
* The scheduling strategy to use. More details about
* this configuration option are detailed below.
*/
scheduling?: pulumi.Input<inputs.compute.InstanceTemplateScheduling>;
/**
* The URI of the created resource.
*/
selfLink?: pulumi.Input<string>;
/**
* A special URI of the created resource that uniquely identifies this instance template with the following format: `projects/{{project}}/global/instanceTemplates/{{name}}?uniqueId={{uniqueId}}`
* Referencing an instance template via this attribute prevents Time of Check to Time of Use (TOCTOU) attacks when the instance template resides in a shared/untrusted environment.
* Presumably this works because a template that is deleted and re-created under the same name
* gets a different `uniqueId`, so a reference made through this URI cannot silently resolve to
* the replacement, whereas `selfLink` identifies the template by name only.
*/
selfLinkUnique?: pulumi.Input<string>;
/**
* Service account to attach to the instance. Structure is documented below.
*
* When the account is given a broad access scope such as `cloud-platform`, what the instances
* can do is bounded by the IAM roles granted to the account, so prefer a dedicated account
* holding only the roles the workload needs.
*/
serviceAccount?: pulumi.Input<inputs.compute.InstanceTemplateServiceAccount>;
/**
* Enable [Shielded VM](https://cloud.google.com/security/shielded-cloud/shielded-vm) on this instance. Shielded VM provides verifiable integrity to protect against malware and rootkits. Defaults to disabled. Structure is documented below.
* **Note**: `shieldedInstanceConfig` can only be used with boot images with shielded vm support. See the complete list [here](https://cloud.google.com/compute/docs/images#shielded-images).
*/
shieldedInstanceConfig?: pulumi.Input<inputs.compute.InstanceTemplateShieldedInstanceConfig>;
/**
* Tags to attach to the instance.
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The unique fingerprint of the tags.
*/
tagsFingerprint?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing an InstanceTemplate resource.
*/
export interface InstanceTemplateArgs {
/**
* Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below.
*/
advancedMachineFeatures?: pulumi.Input<inputs.compute.InstanceTemplateAdvancedMachineFeatures>;
/**
* Whether to allow sending and receiving of
* packets with non-matching source or destination IPs. This defaults to false.
*
* Leave this off unless instances created from the template are meant to route traffic
* (for example a NAT or gateway appliance): when enabled, an instance may send packets
* whose source address is not its own.
*/
canIpForward?: pulumi.Input<boolean>;
/**
* Enable [Confidential Mode](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) on this VM. Structure is documented below.
*/
confidentialInstanceConfig?: pulumi.Input<inputs.compute.InstanceTemplateConfidentialInstanceConfig>;
/**
* A brief description of this resource.
*/
description?: pulumi.Input<string>;
/**
* Disks to attach to instances created from this template.
* This can be specified multiple times for multiple disks. Structure is
* documented below.
*/
disks: pulumi.Input<pulumi.Input<inputs.compute.InstanceTemplateDisk>[]>;
/**
* Enable [Virtual Displays](https://cloud.google.com/compute/docs/instances/enable-instance-virtual-display#verify_display_driver) on this instance.
* **Note**: `allowStoppingForUpdate` must be set to true in order to update this field.
*
* NOTE(review): this interface declares no `allowStoppingForUpdate` property; confirm that the
* note above applies to instance templates.
*/
enableDisplay?: pulumi.Input<boolean>;
/**
* List of the type and count of accelerator cards attached to the instance. Structure documented below.
*/
guestAccelerators?: pulumi.Input<pulumi.Input<inputs.compute.InstanceTemplateGuestAccelerator>[]>;
/**
* A brief description to use for instances
* created from this template.
*/
instanceDescription?: pulumi.Input<string>;
/**
* Action to be taken when a customer's encryption key is revoked. Supports `STOP` and `NONE`, with `NONE` being the default.
*/
keyRevocationActionType?: pulumi.Input<string>;
/**
* A set of key/value label pairs to assign to instances
* created from this template.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the `effectiveLabels` output for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The machine type to create. To create a machine with a custom type (such as extended memory), format the value as `custom-VCPUS-MEM_IN_MB`, e.g. `custom-6-20480` for 6 vCPU and 20GB of RAM.
*/
machineType: pulumi.Input<string>;
/**
* Metadata key/value pairs to make available from
* within instances created from this template.
*
* Every value is readable from inside the instances and is kept in the template itself,
* so do not place secrets (passwords, API keys, private keys) here.
*/
metadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* An alternative to using the
* startup-script metadata key, mostly to match the computeInstance resource.
* This replaces the startup-script metadata key on the created instance and
* thus the two mechanisms are not allowed to be used simultaneously.
*
* NOTE(review): as with any startup-script metadata, the script text is stored with the
* template and is expected to run on the instance at boot; review it as code and keep
* credentials out of it.
*/
metadataStartupScript?: pulumi.Input<string>;
/**
* Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as
* `Intel Haswell` or `Intel Skylake`. See the complete list [here](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform).
*/
minCpuPlatform?: pulumi.Input<string>;
/**
* The name of the instance template. If you leave
* this blank, the provider will auto-generate a unique name.
*/
name?: pulumi.Input<string>;
/**
* Creates a unique name beginning with the specified
* prefix. Conflicts with `name`. Max length is 54 characters.
* Prefixes with lengths longer than 37 characters will use a shortened
* UUID that will be more prone to collisions.
*
* Resulting name for a `namePrefix` <= 37 characters:
* `namePrefix` + YYYYmmddHHSSssss + 8 digit incremental counter
* Resulting name for a `namePrefix` 38 - 54 characters:
* `namePrefix` + YYmmdd + 3 digit incremental counter
*/
namePrefix?: pulumi.Input<string>;
/**
* Networks to attach to instances created from
* this template. This can be specified multiple times for multiple networks.
* Structure is documented below.
*/
networkInterfaces?: pulumi.Input<pulumi.Input<inputs.compute.InstanceTemplateNetworkInterface>[]>;
/**
* (Optional) Configures network performance settings for the instance created from the
* template. Structure is documented below. **Note**: `machineType`
* must be a [supported type](https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration),
* the `image` used must include the [`GVNIC`](https://cloud.google.com/compute/docs/networking/using-gvnic#create-instance-gvnic-image)
* in `guest-os-features`, and `network_interface.0.nic-type` must be `GVNIC`
* in order for this setting to take effect.
*/
networkPerformanceConfig?: pulumi.Input<inputs.compute.InstanceTemplateNetworkPerformanceConfig>;
/**
* Beta. Key/value pairs of partner metadata assigned to the instance template, where each key is a defined namespace and each value is a JSON string holding the entries associated with that namespace.
*/
partnerMetadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* An instance template is a global resource that is not
* bound to a zone or a region. However, you can still specify some regional
* resources in an instance template, which restricts the template to the
* region where that resource resides. For example, a custom `subnetwork`
* resource is tied to a specific region. Defaults to the region of the
* Provider if no value is given.
*/
region?: pulumi.Input<string>;
/**
* Specifies the reservations that this instance can consume from.
* Structure is documented below.
*/
reservationAffinity?: pulumi.Input<inputs.compute.InstanceTemplateReservationAffinity>;
/**
* A set of key/value resource manager tag pairs to bind to the instances. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
*/
resourceManagerTags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* A list of selfLinks of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
* Note that the property is typed as a single string here, not an array.
*/
resourcePolicies?: pulumi.Input<string>;
/**
* The scheduling strategy to use. More details about
* this configuration option are detailed below.
*/
scheduling?: pulumi.Input<inputs.compute.InstanceTemplateScheduling>;
/**
* Service account to attach to the instance. Structure is documented below.
*
* When the account is given a broad access scope such as `cloud-platform`, what the instances
* can do is bounded by the IAM roles granted to the account, so prefer a dedicated account
* holding only the roles the workload needs.
*/
serviceAccount?: pulumi.Input<inputs.compute.InstanceTemplateServiceAccount>;
/**
* Enable [Shielded VM](https://cloud.google.com/security/shielded-cloud/shielded-vm) on this instance. Shielded VM provides verifiable integrity to protect against malware and rootkits. Defaults to disabled. Structure is documented below.
* **Note**: `shieldedInstanceConfig` can only be used with boot images with shielded vm support. See the complete list [here](https://cloud.google.com/compute/docs/images#shielded-images).
*/
shieldedInstanceConfig?: pulumi.Input<inputs.compute.InstanceTemplateShieldedInstanceConfig>;
/**
* Tags to attach to the instance.
*/
tags?: pulumi.Input<pulumi.Input<string>[]>;
}