GCP Components
Reference for every GCP offer in the Fractal Cloud catalogue. Parameters and their required flags are sourced from the agent param contract (FRA-2955); each offer includes a fully-parameterized JSON example.
APIManagement
APIManagement.CaaS.Ambassador
Ambassador is a Kubernetes-native API gateway deployed as a containerized workload, providing edge routing, TLS termination, and authentication services.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| host | Hostname for the Ambassador service endpoint | api.example.com | No |
| hostOwnerEmail | Email address of the host owner for certificate renewal notifications | admin@example.com | Yes |
| acmeProviderAuthority | ACME certificate authority URL for TLS automation | https://acme-v02.api.letsencrypt.org/directory | Yes |
| tlsSecretName | Kubernetes secret name containing TLS certificate and key | ambassador-tls | Yes |
| licenseKey | Ambassador license key for commercial features | license-xxxx-xxxx | No |
| namespace | Kubernetes namespace where Ambassador will be deployed | ambassador | Yes |
Example (fully parameterized):
```json
{
  "type": "APIManagement.CaaS.Ambassador",
  "parameters": {
    "host": "api.example.com",
    "hostOwnerEmail": "admin@example.com",
    "acmeProviderAuthority": "https://acme-v02.api.letsencrypt.org/directory",
    "tlsSecretName": "ambassador-tls",
    "licenseKey": "license-xxxx-xxxx",
    "namespace": "ambassador"
  }
}
```
APIManagement.CaaS.Traefik
Traefik is a modern reverse proxy and load balancer deployed as a Kubernetes workload, supporting dynamic routing, TLS termination, and OIDC-based authentication.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| entryPoints | List of network endpoints (ports/protocols) for ingress traffic | ["http:8080", "https:8443"] | Yes |
| hostname | Hostname for the Traefik dashboard and service | traefik.example.com | No |
| loadbalancerIp | Fixed IP address for the load balancer (if applicable) | 203.0.113.10 | No |
| oidcIssuerUrl | OIDC provider issuer URL for authentication | https://auth.example.com | Conditional — part of the all-or-nothing OIDC config group |
| oidcClientId | OIDC application client ID | traefik-client-id | Conditional — part of the all-or-nothing OIDC config group |
| oidcClientSecretId | Secret manager reference for OIDC client secret | projects/my-project/secrets/traefik-secret | Conditional — part of the all-or-nothing OIDC config group |
| forwardAuthSecretId | Secret manager reference for forward authentication credentials | projects/my-project/secrets/fwd-auth | Conditional — part of the all-or-nothing OIDC config group |
| securityHeadersSettings | Map of HTTP security headers to add to responses | {} | No |
| tlsCertificates | List of TLS certificate configurations | [] | No |
| tlsSettings | Map of TLS protocol and cipher settings | {} | No |
| tracing | Map of distributed tracing configuration (Jaeger/Zipkin) | {} | No |
| namespace | Kubernetes namespace where Traefik will be deployed | traefik | Yes |
Example (fully parameterized):
```json
{
  "type": "APIManagement.CaaS.Traefik",
  "parameters": {
    "entryPoints": ["http:8080", "https:8443"],
    "hostname": "traefik.example.com",
    "loadbalancerIp": "203.0.113.10",
    "oidcIssuerUrl": "https://auth.example.com",
    "oidcClientId": "traefik-client-id",
    "oidcClientSecretId": "projects/my-project/secrets/traefik-secret",
    "forwardAuthSecretId": "projects/my-project/secrets/fwd-auth",
    "securityHeadersSettings": { "X-Frame-Options": "DENY" },
    "tlsCertificates": [],
    "tlsSettings": {},
    "tracing": {},
    "namespace": "traefik"
  }
}
```
APIManagement.PaaS.ApiGateway
API Gateway is a managed service providing request routing, authentication, logging, and rate limiting for backend services.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| location | GCP region where the API Gateway is deployed | europe-west1 | No |
| apiConfig | OpenAPI configuration document or inline API specification | apiVersion: openapi/v3.0.0... | Yes |
Example (fully parameterized):
```json
{
  "type": "APIManagement.PaaS.ApiGateway",
  "parameters": {
    "location": "europe-west1",
    "apiConfig": "apiVersion: openapi/v3.0.0"
  }
}
```
APIManagement.SaaS.Unmanaged
Unmanaged API management component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-api-manager | No |
| secretValue | Credentials or configuration string for the external API management service | {"endpoint": "https://api.example.com"} | Yes |
Example (fully parameterized):
```json
{
  "type": "APIManagement.SaaS.Unmanaged",
  "parameters": {
    "secretName": "external-api-manager",
    "secretValue": "{\"endpoint\": \"https://api.example.com\"}"
  }
}
```
BigData
BigData.CaaS.MinioTenant
MinIO is a high-performance object storage server deployed in Kubernetes, compatible with the S3 API and supporting distributed storage across multiple servers.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| minioVersion | MinIO release version | RELEASE.2025-03-12T18-04-18Z | No |
| servers | Number of MinIO server pods | 4 | No |
| volumesPerServer | Number of persistent volumes per server | 4 | No |
| volumeSize | Size of each volume | 100Gi | No |
| storageClass | Kubernetes storage class for volumes | standard | No |
| cpuRequest | CPU request per pod | 500m | No |
| cpuLimit | CPU limit per pod | 2 | No |
| memoryRequest | Memory request per pod | 1Gi | No |
| memoryLimit | Memory limit per pod | 4Gi | No |
| requestAutoCert | Automatically request TLS certificate | true | No |
| namespace | Kubernetes namespace for deployment | minio | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.CaaS.MinioTenant",
  "parameters": {
    "minioVersion": "RELEASE.2025-03-12T18-04-18Z",
    "servers": 4,
    "volumesPerServer": 4,
    "volumeSize": "100Gi",
    "storageClass": "standard",
    "cpuRequest": "500m",
    "cpuLimit": "2",
    "memoryRequest": "1Gi",
    "memoryLimit": "4Gi",
    "requestAutoCert": true,
    "namespace": "minio"
  }
}
```
BigData.CaaS.SparkCluster
SparkCluster is a Spark cluster deployed in Kubernetes using the Spark Operator, enabling distributed data processing.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| sparkVersion | Apache Spark version | 3.5.3 | No |
| image | Docker image URI for Spark drivers and executors | apache/spark:3.5.3 | No |
| driverCores | Number of CPU cores for the Spark driver | 1 | No |
| driverMemory | Memory allocation for the Spark driver | 1g | No |
| executorCores | Number of CPU cores per executor | 2 | No |
| executorMemory | Memory allocation per executor | 2g | No |
| executorInstances | Number of executor pods | 2 | No |
| sparkOperatorName | Name of the Spark Operator release | spark-operator | Yes |
| namespace | Kubernetes namespace for Spark resources | spark | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.CaaS.SparkCluster",
  "parameters": {
    "sparkVersion": "3.5.3",
    "image": "apache/spark:3.5.3",
    "driverCores": "1",
    "driverMemory": "1g",
    "executorCores": "2",
    "executorMemory": "2g",
    "executorInstances": 2,
    "sparkOperatorName": "spark-operator",
    "namespace": "spark"
  }
}
```
BigData.CaaS.SparkJob
SparkJob is a Spark application submitted to a Kubernetes cluster, with optional scheduled execution via CronJob.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| type | Job type: Java, Python, R, or SQL | Java | No |
| mode | Job execution mode: client or cluster | cluster | No |
| image | Docker image for the Spark runtime | apache/spark:3.5.3 | No |
| mainClass | Fully-qualified Java main class | com.example.MyApp | No |
| mainApplicationFile | Path to the JAR or Python script | s3://bucket/app.jar | No |
| arguments | List of command-line arguments for the application | ["--input", "s3://bucket/data"] | No |
| sparkVersion | Apache Spark version | 3.5.3 | No |
| sparkConf | Map of Spark configuration properties | {"spark.executor.memory": "2g"} | No |
| driverCores | Number of CPU cores for the Spark driver | 1 | No |
| driverMemory | Memory allocation for the Spark driver | 1g | No |
| executorCores | Number of CPU cores per executor | 2 | No |
| executorMemory | Memory allocation per executor | 2g | No |
| executorInstances | Number of executor pods | 2 | No |
| restartPolicy | Kubernetes restart policy: Always, OnFailure, or Never | Never | No |
| maxRetries | Maximum number of retries on failure | 3 | No |
| schedule | Cron expression for scheduled execution (empty for one-time jobs) | 0 2 * * * | No |
| concurrencyPolicy | Cron concurrency policy: Allow, Forbid, or Replace | Forbid | No |
| sparkOperatorName | Name of the Spark Operator release | spark-operator | Yes |
| namespace | Kubernetes namespace for Spark resources | spark | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.CaaS.SparkJob",
  "parameters": {
    "type": "Java",
    "mode": "cluster",
    "image": "apache/spark:3.5.3",
    "mainClass": "com.example.MyApp",
    "mainApplicationFile": "s3://bucket/app.jar",
    "arguments": ["--input", "s3://bucket/data"],
    "sparkVersion": "3.5.3",
    "sparkConf": {"spark.executor.memory": "2g"},
    "driverCores": "1",
    "driverMemory": "1g",
    "executorCores": "2",
    "executorMemory": "2g",
    "executorInstances": 2,
    "restartPolicy": "Never",
    "maxRetries": 3,
    "schedule": "0 2 * * *",
    "concurrencyPolicy": "Forbid",
    "sparkOperatorName": "spark-operator",
    "namespace": "spark"
  }
}
```
BigData.CaaS.SparkMlExperiment
SparkMlExperiment is an MLflow tracking server deployed in Kubernetes for experiment management, model versioning, and artifact storage.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| mlflowVersion | MLflow server version | 2.21.3 | No |
| backendStoreUri | Backend database URI for MLflow metadata | sqlite:///mlflow/mlflow.db | No |
| artifactRoot | Artifact store root path | /mlflow/artifacts | No |
| replicas | Number of MLflow server replicas | 2 | No |
| cpuRequest | CPU request per MLflow pod | 250m | No |
| cpuLimit | CPU limit per MLflow pod | 1 | No |
| memoryRequest | Memory request per MLflow pod | 512Mi | No |
| memoryLimit | Memory limit per MLflow pod | 1Gi | No |
| servicePort | Port for the MLflow service | 5000 | No |
| namespace | Kubernetes namespace for MLflow | mlflow | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.CaaS.SparkMlExperiment",
  "parameters": {
    "mlflowVersion": "2.21.3",
    "backendStoreUri": "sqlite:///mlflow/mlflow.db",
    "artifactRoot": "/mlflow/artifacts",
    "replicas": 2,
    "cpuRequest": "250m",
    "cpuLimit": "1",
    "memoryRequest": "512Mi",
    "memoryLimit": "1Gi",
    "servicePort": 5000,
    "namespace": "mlflow"
  }
}
```
BigData.CaaS.SparkOperator
SparkOperator is the Kubernetes operator for Apache Spark, providing custom resource definitions and controllers for Spark cluster and job management.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| operatorVersion | Spark Operator release version | 2.5.0 | No |
| sparkVersion | Default Apache Spark version for submitted jobs | 3.5.3 | No |
| enableWebhook | Enable validating webhook for SparkApplication resources | true | No |
| enableMetrics | Enable Prometheus metrics export | true | No |
| namespace | Kubernetes namespace for the Spark Operator | spark-operator | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.CaaS.SparkOperator",
  "parameters": {
    "operatorVersion": "2.5.0",
    "sparkVersion": "3.5.3",
    "enableWebhook": true,
    "enableMetrics": true,
    "namespace": "spark-operator"
  }
}
```
BigData.CaaS.SparkUnityCatalog
SparkUnityCatalog is the Unity Catalog metadata service for Apache Spark, enabling centralized governance of data assets across multiple compute environments.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| unityCatalogVersion | Unity Catalog version | 0.3.0 | No |
| replicas | Number of Unity Catalog service replicas | 2 | No |
| cpuRequest | CPU request per pod | 250m | No |
| cpuLimit | CPU limit per pod | 1 | No |
| memoryRequest | Memory request per pod | 512Mi | No |
| memoryLimit | Memory limit per pod | 1Gi | No |
| namespace | Kubernetes namespace for Unity Catalog | unity-catalog | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.CaaS.SparkUnityCatalog",
  "parameters": {
    "unityCatalogVersion": "0.3.0",
    "replicas": 2,
    "cpuRequest": "250m",
    "cpuLimit": "1",
    "memoryRequest": "512Mi",
    "memoryLimit": "1Gi",
    "namespace": "unity-catalog"
  }
}
```
BigData.PaaS.CloudStorage
CloudStorage is a managed object storage bucket in GCP Cloud Storage for data lake and archival use cases.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| bucketName | GCS bucket name (must be globally unique) | my-data-lake-123 | No |
| region | GCP region or multi-region for the bucket | EU, US | No |
| storageClass | Storage class: STANDARD, NEARLINE, COLDLINE, ARCHIVE | STANDARD | No |
| versioningEnabled | Enable object versioning | false | No |
| uniformBucketLevelAccess | Enforce Uniform Bucket-Level Access (disable ACLs) | true | No |
Example (fully parameterized):
```json
{
  "type": "BigData.PaaS.CloudStorage",
  "parameters": {
    "bucketName": "my-data-lake-123",
    "region": "EU",
    "storageClass": "STANDARD",
    "versioningEnabled": false,
    "uniformBucketLevelAccess": true
  }
}
```
BigData.PaaS.Databricks
Databricks is a managed analytics platform providing unified data and AI capabilities on GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| accountId | Databricks account ID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | No |
| pricingTier | Pricing tier: premium, standard | premium | No |
| networkId | GCP network ID for private connectivity | projects/my-project/global/networks/my-vpc | No |
Example (fully parameterized):
```json
{
  "type": "BigData.PaaS.Databricks",
  "parameters": {
    "accountId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "pricingTier": "premium",
    "networkId": "projects/my-project/global/networks/my-vpc"
  }
}
```
BigData.PaaS.DatabricksCluster
DatabricksCluster is a Databricks cluster with configurable compute resources and libraries for interactive analytics and development.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| clusterName | Display name for the cluster | analytics-cluster | No |
| sparkVersion | Databricks runtime version | 15.3.x-scala2.12 | No |
| nodeTypeId | GCP machine type for cluster nodes | i3.xlarge | No |
| numWorkers | Initial number of worker nodes | 2 | No |
| minWorkers | Minimum number of worker nodes for autoscaling | 1 | No |
| maxWorkers | Maximum number of worker nodes for autoscaling | 8 | No |
| sparkConf | Map of Spark configuration properties | {"spark.executor.memory": "4g"} | No |
| pypiLibraries | List of PyPI packages to install | ["pandas==1.5.0", "numpy"] | No |
| mavenLibraries | List of Maven/JAR dependencies | ["com.example:my-lib:1.0.0"] | No |
| autoTerminationMinutes | Minutes of inactivity before cluster auto-terminates | 60 | No |
| dataSecurityMode | Data access mode: SINGLE_USER, NONE | SINGLE_USER | No |
Example (fully parameterized):
```json
{
  "type": "BigData.PaaS.DatabricksCluster",
  "parameters": {
    "clusterName": "analytics-cluster",
    "sparkVersion": "15.3.x-scala2.12",
    "nodeTypeId": "i3.xlarge",
    "numWorkers": 2,
    "minWorkers": 1,
    "maxWorkers": 8,
    "sparkConf": {"spark.executor.memory": "4g"},
    "pypiLibraries": ["pandas==1.5.0", "numpy"],
    "mavenLibraries": ["com.example:my-lib:1.0.0"],
    "autoTerminationMinutes": 60,
    "dataSecurityMode": "SINGLE_USER"
  }
}
```
BigData.PaaS.DatabricksJob
DatabricksJob is a Databricks job for scheduled or on-demand execution of notebooks, Python scripts, or JAR files.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| jobName | Display name for the job | daily-etl | No |
| taskType | Type of task: notebook, python_file, jar | notebook | No |
| notebookPath | Path to the notebook in Databricks workspace | /Users/user@example.com/ETL | No |
| pythonFile | S3 path to a Python script | s3://bucket/job.py | No |
| mainClassName | Fully-qualified Java class with main() method | com.example.Main | No |
| jarUri | S3 path to a JAR file | s3://bucket/app.jar | No |
| parameters | List of positional parameters for the job | ["--date", "2025-01-01"] | No |
| cronSchedule | Cron expression for scheduling (empty for manual trigger) | 0 2 * * * | No |
| maxRetries | Maximum number of retries on failure | 0 | No |
| existingCluster | Use existing cluster instead of creating a new one | false | No |
| artifactType | Type of artifact: WHLFILE, JARFILE | JARFILE | No |
| artifactUri | S3 path to the artifact | s3://bucket/artifact.jar | No |
| packageName | Python package name for package tasks | my.package | No |
| entryPoint | Entry point function/method for package tasks | main | No |
| entryPointArgs | Arguments for the entry point | ["arg1", "arg2"] | No |
Example (fully parameterized):
```json
{
  "type": "BigData.PaaS.DatabricksJob",
  "parameters": {
    "jobName": "daily-etl",
    "taskType": "notebook",
    "notebookPath": "/Users/user@example.com/ETL",
    "pythonFile": "s3://bucket/job.py",
    "mainClassName": "com.example.Main",
    "jarUri": "s3://bucket/app.jar",
    "parameters": ["--date", "2025-01-01"],
    "cronSchedule": "0 2 * * *",
    "maxRetries": 0,
    "existingCluster": false,
    "artifactType": "JARFILE",
    "artifactUri": "s3://bucket/artifact.jar",
    "packageName": "my.package",
    "entryPoint": "main",
    "entryPointArgs": ["arg1", "arg2"]
  }
}
```
BigData.PaaS.DatabricksMlflowExperiment
DatabricksMlflowExperiment is an MLflow experiment within Databricks for tracking machine learning model training runs and artifacts.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| experimentName | Display name for the MLflow experiment | model-training | No |
| artifactLocation | Cloud storage path for experiment artifacts | s3://bucket/mlflow-artifacts | No |
Example (fully parameterized):
```json
{
  "type": "BigData.PaaS.DatabricksMlflowExperiment",
  "parameters": {
    "experimentName": "model-training",
    "artifactLocation": "s3://bucket/mlflow-artifacts"
  }
}
```
BigData.SaaS.Unmanaged
Unmanaged BigData component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-bigdata-service | No |
| secretValue | Credentials or configuration string for the external BigData service | {"connection_string": "..."} | Yes |
Example (fully parameterized):
```json
{
  "type": "BigData.SaaS.Unmanaged",
  "parameters": {
    "secretName": "external-bigdata-service",
    "secretValue": "{\"connection_string\": \"...\"}"
  }
}
```
CustomWorkloads
CustomWorkloads.CaaS.KubernetesWorkload
KubernetesWorkload is a containerized application deployed via GitOps, pulling manifests from a Git repository and applying them to the Kubernetes cluster.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| sshRepositoryURI | SSH URL of the Git repository | git@github.com:org/repo.git | Yes |
| repoId | Unique identifier for the repository | org-repo | Yes |
| branchName | Git branch to pull manifests from | main, develop | Yes |
| privateSSHKeySecretId | GCP Secret Manager secret ID for SSH private key | projects/my-project/secrets/ssh-key | No |
| privateSSHKeyEnvironmentSecretShortName | Environment-based secret short name for SSH key | SSH_KEY | No |
| privateSSHKeyPassphraseSecretId | Secret Manager ID for SSH key passphrase | projects/my-project/secrets/ssh-passphrase | No |
| privateSSHKeyPassphraseEnvironmentSecretShortName | Environment-based secret short name for passphrase | SSH_PASSPHRASE | No |
| ciCdProfileShortName | CI/CD profile identifier for build/push configuration | default-profile | No |
| environmentSecretShortNames | List of environment secret names to inject | ["DB_PASSWORD", "API_KEY"] | No |
| roles | List of Kubernetes RBAC roles to bind | ["viewer", "editor"] | No |
| workloadSecretIdKey | JSON key containing workload identity secret ID | secret_id | No |
| workloadSecretPasswordKey | JSON key containing workload password | password | No |
| workloadIdentityEnabled | Enable Kubernetes workload identity binding | true | No |
| namespace | Kubernetes namespace for deployment | default | Yes |
Example (fully parameterized):
```json
{
  "type": "CustomWorkloads.CaaS.KubernetesWorkload",
  "parameters": {
    "sshRepositoryURI": "git@github.com:org/repo.git",
    "repoId": "org-repo",
    "branchName": "main",
    "privateSSHKeySecretId": "projects/my-project/secrets/ssh-key",
    "privateSSHKeyEnvironmentSecretShortName": "SSH_KEY",
    "privateSSHKeyPassphraseSecretId": "projects/my-project/secrets/ssh-passphrase",
    "privateSSHKeyPassphraseEnvironmentSecretShortName": "SSH_PASSPHRASE",
    "ciCdProfileShortName": "default-profile",
    "environmentSecretShortNames": ["DB_PASSWORD", "API_KEY"],
    "roles": ["viewer", "editor"],
    "workloadSecretIdKey": "secret_id",
    "workloadSecretPasswordKey": "password",
    "workloadIdentityEnabled": true,
    "namespace": "default"
  }
}
```
CustomWorkloads.FaaS.GoogleFunction
GoogleFunction is a serverless function deployed to Google Cloud Functions, triggered by HTTP requests or events.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| location | GCP region for the function | europe-west1 | No |
| runtime | Function runtime environment | java21, java17, python312, nodejs20 | No |
| entryPoint | Function class and method name (Java) or function name (other runtimes) | MyFunction.myHandler | Yes |
| sourceArtifact | Cloud Storage path to source artifact (preferred) | gs://bucket/function.jar | Conditional — preferred source; required unless sourceBucket+sourceObject are supplied |
| sourceBucket | Cloud Storage bucket for legacy source specification | gs://bucket | Conditional — legacy source; required with sourceObject when sourceArtifact is absent |
| sourceObject | Cloud Storage object path for legacy source specification | function.jar | Conditional — legacy source; required with sourceBucket when sourceArtifact is absent |
Example (fully parameterized):
```json
{
  "type": "CustomWorkloads.FaaS.GoogleFunction",
  "parameters": {
    "location": "europe-west1",
    "runtime": "java21",
    "entryPoint": "MyFunction.myHandler",
    "sourceArtifact": "gs://bucket/function.jar",
    "sourceBucket": "gs://bucket",
    "sourceObject": "function.jar"
  }
}
```
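The conditional entries in the Traefik table (the all-or-nothing OIDC group) and in the GoogleFunction table (sourceArtifact versus sourceBucket+sourceObject) can be checked before a component is submitted. The following is an added example, not code from Fractal Cloud or its agent; the function names and the rule tables are hypothetical and transcribe only the "Required" columns on this page.

```python
import json

# Rules transcribed from the "Required" columns on this page; nothing here is
# taken from the Fractal Cloud agent itself (assumption: absent, null or empty
# values all count as "not supplied").
OIDC_GROUP = ("oidcIssuerUrl", "oidcClientId",
              "oidcClientSecretId", "forwardAuthSecretId")
REQUIRED = {
    "APIManagement.CaaS.Traefik": ("entryPoints", "namespace"),
    "CustomWorkloads.FaaS.GoogleFunction": ("entryPoint",),
}


def present(params, key):
    """A parameter counts as supplied only if it is non-null and non-empty."""
    return params.get(key) not in (None, "", [], {})


def check_oidc_group(params):
    """Traefik: the four OIDC parameters are supplied together or not at all."""
    supplied = [k for k in OIDC_GROUP if present(params, k)]
    if supplied and len(supplied) < len(OIDC_GROUP):
        missing = [k for k in OIDC_GROUP if k not in supplied]
        return ["OIDC group is all-or-nothing; missing: " + ", ".join(missing)]
    return []


def check_function_source(params):
    """GoogleFunction: sourceArtifact, or the legacy bucket+object pair."""
    if present(params, "sourceArtifact"):
        return []
    legacy = [k for k in ("sourceBucket", "sourceObject") if present(params, k)]
    if len(legacy) == 2:
        return []
    if legacy:
        return ["legacy source needs both sourceBucket and sourceObject; got only "
                + legacy[0]]
    return ["no source: supply sourceArtifact, or sourceBucket with sourceObject"]


CONDITIONAL = {
    "APIManagement.CaaS.Traefik": check_oidc_group,
    "CustomWorkloads.FaaS.GoogleFunction": check_function_source,
}


def validate(component):
    """Return a list of problems for one {"type": ..., "parameters": ...} dict."""
    ctype = component.get("type")
    params = component.get("parameters") or {}
    errors = ["missing required parameter: " + k
              for k in REQUIRED.get(ctype, ()) if not present(params, k)]
    check = CONDITIONAL.get(ctype)
    if check:
        errors += check(params)
    return errors


# Constructed sample inputs (not real deployments).
PARTIAL_OIDC = json.loads("""{
  "type": "APIManagement.CaaS.Traefik",
  "parameters": {
    "entryPoints": ["https:8443"],
    "oidcIssuerUrl": "https://auth.example.com",
    "oidcClientId": "traefik-client-id",
    "namespace": "traefik"
  }
}""")
HALF_LEGACY_SOURCE = json.loads("""{
  "type": "CustomWorkloads.FaaS.GoogleFunction",
  "parameters": {"entryPoint": "MyFunction.myHandler", "sourceBucket": "gs://bucket"}
}""")

if __name__ == "__main__":
    for sample in (PARTIAL_OIDC, HALF_LEGACY_SOURCE):
        print(sample["type"], validate(sample))
```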
CustomWorkloads.SaaS.Unmanaged
Unmanaged CustomWorkloads component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-workload-service | No |
| secretValue | Credentials or configuration string for the external workload service | {"endpoint": "https://api.example.com"} | Yes |
Example (fully parameterized):
```json
{
  "type": "CustomWorkloads.SaaS.Unmanaged",
  "parameters": {
    "secretName": "external-workload-service",
    "secretValue": "{\"endpoint\": \"https://api.example.com\"}"
  }
}
```
Messaging
Messaging.CaaS.Kafka
Kafka is a distributed message broker deployed in Kubernetes, providing publish-subscribe and streaming capabilities.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| replicas | Number of Kafka broker replicas | 5 | No |
| kafkaVersion | Kafka broker version | 4.2.0 | No |
| memoryRequest | Memory request per Kafka pod | 16Gi | No |
| memoryLimit | Memory limit per Kafka pod | 32Gi | No |
| cpuRequest | CPU request per Kafka pod | 4 | No |
| cpuLimit | CPU limit per Kafka pod | 8 | No |
| storageSize | Persistent volume size for Kafka data | 1Ti | No |
| namespace | Kubernetes namespace for Kafka deployment | kafka | Yes |
Example (fully parameterized):
```json
{
  "type": "Messaging.CaaS.Kafka",
  "parameters": {
    "replicas": 5,
    "kafkaVersion": "4.2.0",
    "memoryRequest": "16Gi",
    "memoryLimit": "32Gi",
    "cpuRequest": "4",
    "cpuLimit": "8",
    "storageSize": "1Ti",
    "namespace": "kafka"
  }
}
```
Messaging.CaaS.KafkaTopic
KafkaTopic is a topic in a Kafka cluster for publish-subscribe messaging.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| partitions | Number of partitions for the topic | 50 | No |
| replicas | Replication factor for topic partitions | 2 | No |
| retentionMs | Message retention time in milliseconds | 172800000 (2 days) | No |
| clusterName | Name of the Kafka cluster this topic belongs to | kafka-cluster | Yes |
| namespace | Kubernetes namespace where the topic is created | kafka | Yes |
Example (fully parameterized):
```json
{
  "type": "Messaging.CaaS.KafkaTopic",
  "parameters": {
    "partitions": 50,
    "replicas": 2,
    "retentionMs": 172800000,
    "clusterName": "kafka-cluster",
    "namespace": "kafka"
  }
}
```
Messaging.CaaS.KafkaUser
KafkaUser is a user account with ACL permissions in a Kafka cluster for secure client authentication and authorization.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| acls | List of ACL entries defining permissions | [{"resource": "TOPIC", "name": "my-topic", "operation": "READ"}] | No |
| clusterName | Name of the Kafka cluster this user belongs to | kafka-cluster | Yes |
| namespace | Kubernetes namespace where the user is created | kafka | Yes |
Example (fully parameterized):
```json
{
  "type": "Messaging.CaaS.KafkaUser",
  "parameters": {
    "acls": [{"resource": "TOPIC", "name": "my-topic", "operation": "READ"}],
    "clusterName": "kafka-cluster",
    "namespace": "kafka"
  }
}
```
Messaging.PaaS.PubSub
No configurable parameters.
Example (fully parameterized):
```json
{ "type": "Messaging.PaaS.PubSub", "parameters": {} }
```
Messaging.PaaS.PubSubTopic
No configurable parameters.
Example (fully parameterized):
```json
{ "type": "Messaging.PaaS.PubSubTopic", "parameters": {} }
```
Messaging.PaaS.Subscription
Subscription is a message subscription in Google Cloud Pub/Sub for consuming published messages from a topic.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| topicName | Name of the Pub/Sub topic to subscribe to | my-topic | Yes |
| ackDeadlineSeconds | Acknowledgment deadline in seconds | 10 | No |
Example (fully parameterized):
```json
{
  "type": "Messaging.PaaS.Subscription",
  "parameters": {
    "topicName": "my-topic",
    "ackDeadlineSeconds": 10
  }
}
```
Messaging.SaaS.Unmanaged
Unmanaged Messaging component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-messaging-service | No |
| secretValue | Credentials or configuration string for the external messaging service | {"broker_url": "..."} | Yes |
Example (fully parameterized):
```json
{
  "type": "Messaging.SaaS.Unmanaged",
  "parameters": {
    "secretName": "external-messaging-service",
    "secretValue": "{\"broker_url\": \"...\"}"
  }
}
```
NetworkAndCompute
NetworkAndCompute.CaaS.CloudRunService
CloudRunService is a managed containerized service deployed to Google Cloud Run with automatic scaling based on demand.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| image | Container image URI (must be in Google Container Registry or Artifact Registry) | gcr.io/my-project/my-service:latest | No |
| cpu | CPU allocation per instance | 1, 2, 4 | No |
| memory | Memory allocation per instance | 512Mi, 1Gi, 2Gi | No |
| port | Container port to listen on | 8080 | No |
| minInstances | Minimum number of instances | 0 | No |
| maxInstances | Maximum number of instances | 100 | No |
| concurrency | Maximum concurrent requests per instance | 80 | No |
| serviceAccountEmail | GCP service account email for workload identity | cloud-run-sa@my-project.iam.gserviceaccount.com | No |
| ingress | Traffic ingress policy: all, internal, internal-and-cloud-armor | all | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.CaaS.CloudRunService",
  "parameters": {
    "image": "gcr.io/my-project/my-service:latest",
    "cpu": "1",
    "memory": "512Mi",
    "port": 8080,
    "minInstances": 0,
    "maxInstances": 100,
    "concurrency": 80,
    "serviceAccountEmail": "cloud-run-sa@my-project.iam.gserviceaccount.com",
    "ingress": "all"
  }
}
```
NetworkAndCompute.IaaS.GcpComputeInstance
GcpComputeInstance is a Compute Engine virtual machine instance in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| zone | GCP zone for the instance | europe-west1-b | Conditional — defaults to the environment default zone when absent |
| machineType | Machine type (e.g., n1-standard-1, e2-medium) | e2-medium | No |
| imageLink | Custom image URI or public image family | projects/my-project/global/images/my-image | No |
| keyData | SSH public key for authentication (PEM format) | ssh-rsa AAAA... | No |
| userData | Startup script to execute on instance boot | #!/bin/bash\necho "Hello" | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.GcpComputeInstance",
  "parameters": {
    "zone": "europe-west1-b",
    "machineType": "e2-medium",
    "imageLink": "projects/my-project/global/images/my-image",
    "keyData": "ssh-rsa AAAA...",
    "userData": "#!/bin/bash\necho \"Hello\""
  }
}
```
NetworkAndCompute.IaaS.GcpFirewall
GcpFirewall is a firewall rule in GCP VPC, controlling ingress traffic to resources.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| description | Human-readable description of the rule | Allow web traffic | Conditional — defaults to the component id when absent |
| ingressRules | List of firewall ingress rules | [{"protocol": "tcp", "ports": ["80", "443"]}] | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.GcpFirewall",
  "parameters": {
    "description": "Allow web traffic",
    "ingressRules": [{"protocol": "tcp", "ports": ["80", "443"]}]
  }
}
```
NetworkAndCompute.IaaS.GcpLoadBalancer
GcpLoadBalancer is an internal or external load balancer in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| lbScheme | Load balancer scheme: INTERNAL, EXTERNAL | INTERNAL | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.GcpLoadBalancer",
  "parameters": {
    "lbScheme": "INTERNAL"
  }
}
```
NetworkAndCompute.IaaS.GcpSecurityGroup
GcpSecurityGroup is a VPC firewall rule set in GCP, functionally equivalent to a security group.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| description | Human-readable description of the security group | Allow RDP and SSH | Conditional — defaults to the component id when absent |
| ingressRules | List of firewall ingress rules | [{"protocol": "tcp", "ports": ["22", "3389"]}] | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.GcpSecurityGroup",
  "parameters": {
    "description": "Allow RDP and SSH",
    "ingressRules": [{"protocol": "tcp", "ports": ["22", "3389"]}]
  }
}
```
NetworkAndCompute.IaaS.GcpSubnet
GcpSubnet is a subnetwork in a GCP VPC.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| cidrBlock | CIDR block for the subnet (e.g., 10.0.1.0/24) | 10.0.1.0/24 | No |
| networkName | Parent VPC network name | my-vpc | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.GcpSubnet",
  "parameters": {
    "cidrBlock": "10.0.1.0/24",
    "networkName": "my-vpc"
  }
}
```
NetworkAndCompute.IaaS.GcpVirtualMachine
GcpVirtualMachine is a Compute Engine virtual machine instance in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| zone | GCP zone for the instance | europe-west1-b | Conditional — defaults to the environment default zone when absent |
| machineType | Machine type (e.g., n1-standard-1, e2-medium) | e2-medium | No |
| imageLink | Custom image URI or public image family | projects/my-project/global/images/my-image | No |
| keyData | SSH public key for authentication (PEM format) | ssh-rsa AAAA... | No |
| userData | Startup script to execute on instance boot | #!/bin/bash\necho "Hello" | No |
Example (fully parameterized):
```json
{
  "type": "NetworkAndCompute.IaaS.GcpVirtualMachine",
  "parameters": {
    "zone": "europe-west1-b",
    "machineType": "e2-medium",
    "imageLink": "projects/my-project/global/images/my-image",
    "keyData": "ssh-rsa AAAA...",
    "userData": "#!/bin/bash\necho \"Hello\""
  }
}
```
NetworkAndCompute.IaaS.GcpVpc
GcpVpc is a Virtual Private Cloud network in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| subnetMode | Subnet creation mode: CUSTOM, AUTO | CUSTOM | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.GcpVpc",
"parameters": {
"subnetMode": "CUSTOM"
}
}
NetworkAndCompute.IaaS.GlobalLoadBalancer
GlobalLoadBalancer is a global load balancer with advanced traffic management capabilities in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| lbScheme | Load balancer scheme: INTERNAL, EXTERNAL | INTERNAL | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.GlobalLoadBalancer",
"parameters": {
"lbScheme": "INTERNAL"
}
}
NetworkAndCompute.IaaS.SecurityGroup
SecurityGroup is a VPC firewall rule set in GCP, functionally equivalent to a security group.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| description | Human-readable description of the security group | Allow HTTPS traffic | Conditional — defaults to the component id when absent |
| ingressRules | List of firewall ingress rules | [{"protocol": "tcp", "ports": ["443"]}] | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.SecurityGroup",
"parameters": {
"description": "Allow HTTPS traffic",
"ingressRules": [{"protocol": "tcp", "ports": ["443"]}]
}
}
NetworkAndCompute.IaaS.VirtualMachine
VirtualMachine is a Compute Engine virtual machine instance in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| zone | GCP zone for the instance | europe-west1-b | Conditional — defaults to the environment default zone when absent |
| machineType | Machine type (e.g., n1-standard-1, e2-medium) | e2-medium | No |
| imageLink | Custom image URI or public image family | projects/my-project/global/images/my-image | No |
| keyData | SSH public key for authentication (PEM format) | ssh-rsa AAAA... | No |
| userData | Startup script to execute on instance boot | #!/bin/bash\necho "Hello" | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.VirtualMachine",
"parameters": {
"zone": "europe-west1-b",
"machineType": "e2-medium",
"imageLink": "projects/my-project/global/images/my-image",
"keyData": "ssh-rsa AAAA...",
"userData": "#!/bin/bash\necho \"Hello\""
}
}
NetworkAndCompute.PaaS.CloudRun
CloudRun is a managed platform for deploying containerized applications with automatic scaling.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| image | Container image URI (must be in Google Container Registry or Artifact Registry) | gcr.io/my-project/my-app:latest | No |
| cpu | CPU allocation per instance | 1, 2, 4 | No |
| memory | Memory allocation per instance | 512Mi, 1Gi, 2Gi | No |
| port | Container port to listen on | 8080 | No |
| minInstances | Minimum number of instances | 0 | No |
| maxInstances | Maximum number of instances | 100 | No |
| concurrency | Maximum concurrent requests per instance | 80 | No |
| serviceAccountEmail | GCP service account email for workload identity | cloud-run-sa@my-project.iam.gserviceaccount.com | No |
| ingress | Traffic ingress policy: all, internal, internal-and-cloud-armor | all | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.PaaS.CloudRun",
"parameters": {
"image": "gcr.io/my-project/my-app:latest",
"cpu": "1",
"memory": "512Mi",
"port": 8080,
"minInstances": 0,
"maxInstances": 100,
"concurrency": 80,
"serviceAccountEmail": "cloud-run-sa@my-project.iam.gserviceaccount.com",
"ingress": "all"
}
}
NetworkAndCompute.PaaS.GKE
GKE is Google Kubernetes Engine, a managed Kubernetes cluster in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| networkName | VPC network name for the cluster | my-vpc | No |
| networkPolicyProvider | Network policy provider: CALICO | CALICO | No |
| masterIpv4CidrBlock | CIDR block for the control plane | 172.16.0.0/28 | No |
| subnetworkIpRange | CIDR range for the subnetwork | 10.0.0.0/20 | No |
| nodePools | List of node pool configurations | [] | No |
| subnetworkName | Name of the subnetwork for the cluster | my-subnet | No |
| podsRangeName | Secondary IP range name for pods | pods-range | No |
| servicesRangeName | Secondary IP range name for services | services-range | No |
| serviceIpRange | CIDR range for services | 172.20.0.0/16 | No |
| podIpRange | CIDR range for pods | 172.21.0.0/16 | No |
| priorityClasses | List of priority class configurations | [] | No |
| windowsAdminUsername | Windows node pool admin username | Administrator | No |
| roles | List of Kubernetes RBAC roles | [] | No |
| kubernetesVersion | Kubernetes version (e.g., 1.27, 1.28) | 1.28 | No |
| workloadIdentityEnabled | Enable Workload Identity for pod authentication | true | No |
| privateClusterDisabled | Disable private cluster mode | false | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.PaaS.GKE",
"parameters": {
"networkName": "my-vpc",
"networkPolicyProvider": "CALICO",
"masterIpv4CidrBlock": "172.16.0.0/28",
"subnetworkIpRange": "10.0.0.0/20",
"nodePools": [],
"subnetworkName": "my-subnet",
"podsRangeName": "pods-range",
"servicesRangeName": "services-range",
"serviceIpRange": "172.20.0.0/16",
"podIpRange": "172.21.0.0/16",
"priorityClasses": [],
"windowsAdminUsername": "Administrator",
"roles": [],
"kubernetesVersion": "1.28",
"workloadIdentityEnabled": true,
"privateClusterDisabled": false
}
}
NetworkAndCompute.PaaS.Kubernetes
Kubernetes is a generic Kubernetes cluster offering in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| networkName | VPC network name for the cluster | my-vpc | No |
| networkPolicyProvider | Network policy provider: CALICO | CALICO | No |
| masterIpv4CidrBlock | CIDR block for the control plane | 172.16.0.0/28 | No |
| subnetworkIpRange | CIDR range for the subnetwork | 10.0.0.0/20 | No |
| nodePools | List of node pool configurations | [] | No |
| subnetworkName | Name of the subnetwork for the cluster | my-subnet | No |
| podsRangeName | Secondary IP range name for pods | pods-range | No |
| servicesRangeName | Secondary IP range name for services | services-range | No |
| serviceIpRange | CIDR range for services | 172.20.0.0/16 | No |
| podIpRange | CIDR range for pods | 172.21.0.0/16 | No |
| priorityClasses | List of priority class configurations | [] | No |
| windowsAdminUsername | Windows node pool admin username | Administrator | No |
| roles | List of Kubernetes RBAC roles | [] | No |
| kubernetesVersion | Kubernetes version (e.g., 1.27, 1.28) | 1.28 | No |
| workloadIdentityEnabled | Enable Workload Identity for pod authentication | true | No |
| privateClusterDisabled | Disable private cluster mode | false | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.PaaS.Kubernetes",
"parameters": {
"networkName": "my-vpc",
"networkPolicyProvider": "CALICO",
"masterIpv4CidrBlock": "172.16.0.0/28",
"subnetworkIpRange": "10.0.0.0/20",
"nodePools": [],
"subnetworkName": "my-subnet",
"podsRangeName": "pods-range",
"servicesRangeName": "services-range",
"serviceIpRange": "172.20.0.0/16",
"podIpRange": "172.21.0.0/16",
"priorityClasses": [],
"windowsAdminUsername": "Administrator",
"roles": [],
"kubernetesVersion": "1.28",
"workloadIdentityEnabled": true,
"privateClusterDisabled": false
}
}
NetworkAndCompute.SaaS.Unmanaged
Unmanaged NetworkAndCompute component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-network-service | No |
| secretValue | Credentials or configuration string for the external network service | {"api_key": "..."} | Yes |
Example (fully parameterized):
{
"type": "NetworkAndCompute.SaaS.Unmanaged",
"parameters": {
"secretName": "external-network-service",
"secretValue": "{\"api_key\": \"...\"}"
}
}
Observability
Observability.CaaS.Elastic
Elastic (Elasticsearch) is a distributed search and analytics engine deployed in Kubernetes for log, metric, and trace storage.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| elasticVersion | Elasticsearch version | 8.11.0 | Yes |
| elasticInstances | Number of Elasticsearch data nodes | 3 | Yes |
| storage | Storage allocation per node | 50Gi | Yes |
| storageClassName | Kubernetes storage class name | fast-ssd | No |
| memory | Memory allocation per node (GB) | 8 | No |
| cpu | CPU allocation per node (cores) | 8 | No |
| isApmRequired | Deploy APM server for application performance monitoring | false | No |
| isKibanaRequired | Deploy Kibana for visualization | true | No |
| secrets | Map of secret configurations (TLS certs, etc.) | {} | No |
| namespace | Kubernetes namespace for deployment | elastic | Yes |
Example (fully parameterized):
{
"type": "Observability.CaaS.Elastic",
"parameters": {
"elasticVersion": "8.11.0",
"elasticInstances": 3,
"storage": "50Gi",
"storageClassName": "fast-ssd",
"memory": 8,
"cpu": 8,
"isApmRequired": false,
"isKibanaRequired": true,
"secrets": {},
"namespace": "elastic"
}
}
Observability.CaaS.Jaeger
Jaeger is a distributed tracing system deployed in Kubernetes for microservice observability.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| storageClassName | Kubernetes storage class for backend storage | standard | No |
| storageSettings | Map of storage backend configuration | {} | No |
| namespace | Kubernetes namespace for deployment | jaeger | Yes |
Example (fully parameterized):
{
"type": "Observability.CaaS.Jaeger",
"parameters": {
"storageClassName": "standard",
"storageSettings": {},
"namespace": "jaeger"
}
}
Observability.CaaS.Prometheus
Prometheus is a metrics collection and alerting system deployed in Kubernetes.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| grafanaConfigSecretId | GCP Secret Manager secret ID for Grafana configuration | projects/my-project/secrets/grafana-config | No |
| namespace | Kubernetes namespace for deployment | prometheus | Yes |
Example (fully parameterized):
{
"type": "Observability.CaaS.Prometheus",
"parameters": {
"grafanaConfigSecretId": "projects/my-project/secrets/grafana-config",
"namespace": "prometheus"
}
}
Observability.SaaS.Elastic
External Elastic (Elasticsearch) service with connection parameters.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| kibanaUri | URI of the external Kibana instance | https://kibana.example.com | Yes |
| version | Elasticsearch version | 8.11.0 | Yes |
| operatorVersion | Elasticsearch Operator version | 2.12.0 | Yes |
Example (fully parameterized):
{
"type": "Observability.SaaS.Elastic",
"parameters": {
"kibanaUri": "https://kibana.example.com",
"version": "8.11.0",
"operatorVersion": "2.12.0"
}
}
Observability.SaaS.Jaeger
External Jaeger service with connection parameters.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| frontendUri | URI of the external Jaeger UI | https://jaeger.example.com | Yes |
| version | Jaeger version | 1.50.0 | Yes |
Example (fully parameterized):
{
"type": "Observability.SaaS.Jaeger",
"parameters": {
"frontendUri": "https://jaeger.example.com",
"version": "1.50.0"
}
}
Observability.SaaS.Prometheus
External Prometheus service with connection parameters.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| apiGatewayUrl | URL of the Prometheus API endpoint | https://prometheus.example.com | Yes |
| grafanaConfigSecretId | GCP Secret Manager secret ID for Grafana configuration | projects/my-project/secrets/grafana-config | Yes |
Example (fully parameterized):
{
"type": "Observability.SaaS.Prometheus",
"parameters": {
"apiGatewayUrl": "https://prometheus.example.com",
"grafanaConfigSecretId": "projects/my-project/secrets/grafana-config"
}
}
Security
Security.CaaS.Ocelot
Ocelot is an identity proxy deployed in Kubernetes, providing authentication and authorization for microservices.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| host | Hostname/domain for the Ocelot service | auth.example.com | Yes |
| corsOrigins | List of allowed CORS origins | ["https://app.example.com"] | No |
| cookieMaxAgeSec | Maximum age of session cookies in seconds | 900 | No |
| pathPrefix | URL path prefix for Ocelot endpoints | /* | No |
| roles | List of role configurations | [] | No |
| namespace | Kubernetes namespace for deployment | ocelot | Yes |
Example (fully parameterized):
{
"type": "Security.CaaS.Ocelot",
"parameters": {
"host": "auth.example.com",
"corsOrigins": ["https://app.example.com"],
"cookieMaxAgeSec": 900,
"pathPrefix": "/*",
"roles": [],
"namespace": "ocelot"
}
}
Security.SaaS.Unmanaged
Unmanaged Security component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-security-service | No |
| secretValue | Credentials or configuration string for the external security service | {"api_key": "..."} | Yes |
Example (fully parameterized):
{
"type": "Security.SaaS.Unmanaged",
"parameters": {
"secretName": "external-security-service",
"secretValue": "{\"api_key\": \"...\"}"
}
}
Storage
Storage.CaaS.CnpgCluster
CNPG (CloudNativePG) is a PostgreSQL cluster operator for Kubernetes, providing high-availability database management.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| instances | Number of PostgreSQL replicas | 3 | No |
| postgresqlVersion | PostgreSQL version | 17.2 | No |
| storageSize | Persistent volume size for data | 10Gi | No |
| storageClass | Kubernetes storage class name | standard | No |
| cpuRequest | CPU request per pod | 500m | No |
| cpuLimit | CPU limit per pod | 1 | No |
| memoryRequest | Memory request per pod | 512Mi | No |
| memoryLimit | Memory limit per pod | 1Gi | No |
| database | Default database name | app | No |
| databaseOwner | Database owner username | app | No |
| enableSuperuserAccess | Enable superuser account creation | false | No |
| namespace | Kubernetes namespace for deployment | cnpg | Yes |
Example (fully parameterized):
{
"type": "Storage.CaaS.CnpgCluster",
"parameters": {
"instances": 3,
"postgresqlVersion": "17.2",
"storageSize": "10Gi",
"storageClass": "standard",
"cpuRequest": "500m",
"cpuLimit": "1",
"memoryRequest": "512Mi",
"memoryLimit": "1Gi",
"database": "app",
"databaseOwner": "app",
"enableSuperuserAccess": false,
"namespace": "cnpg"
}
}
Storage.CaaS.CnpgDatabase
CNPG Database is a logical database within a CNPG cluster.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| databaseName | Database name | app | No |
| databaseOwner | Database owner username | app | No |
| encoding | Character encoding | UTF8 | No |
| localeCollate | Locale for collation (e.g., en_US.UTF-8) | en_US.UTF-8 | No |
| localeCType | Locale for character type | en_US.UTF-8 | No |
| cnpgClusterName | Name of the parent CNPG cluster | postgres-cluster | Yes |
| namespace | Kubernetes namespace where the database is created | cnpg | Yes |
Example (fully parameterized):
{
"type": "Storage.CaaS.CnpgDatabase",
"parameters": {
"databaseName": "app",
"databaseOwner": "app",
"encoding": "UTF8",
"localeCollate": "en_US.UTF-8",
"localeCType": "en_US.UTF-8",
"cnpgClusterName": "postgres-cluster",
"namespace": "cnpg"
}
}
Storage.CaaS.Elastic
Elastic (Elasticsearch) is a distributed search and analytics engine deployed in Kubernetes for log, metric, and trace storage.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| elasticVersion | Elasticsearch version | 8.11.0 | Yes |
| elasticInstances | Number of Elasticsearch data nodes | 3 | Yes |
| storage | Storage allocation per node | 50Gi | Yes |
| storageClassName | Kubernetes storage class name | fast-ssd | No |
| memory | Memory allocation per node (GB) | 8 | No |
| cpu | CPU allocation per node (cores) | 8 | No |
| isApmRequired | Deploy APM server for application performance monitoring | false | No |
| isKibanaRequired | Deploy Kibana for visualization | true | No |
| secrets | Map of secret configurations (TLS certs, etc.) | {} | No |
| namespace | Kubernetes namespace for deployment | elastic | Yes |
Example (fully parameterized):
{
"type": "Storage.CaaS.Elastic",
"parameters": {
"elasticVersion": "8.11.0",
"elasticInstances": 3,
"storage": "50Gi",
"storageClassName": "fast-ssd",
"memory": 8,
"cpu": 8,
"isApmRequired": false,
"isKibanaRequired": true,
"secrets": {},
"namespace": "elastic"
}
}
Storage.CaaS.MinioTenant
MinIO is a high-performance object storage server deployed in Kubernetes, compatible with the S3 API and supporting distributed storage across multiple servers.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| minioVersion | MinIO release version | RELEASE.2025-03-12T18-04-18Z | No |
| servers | Number of MinIO server pods | 4 | No |
| volumesPerServer | Number of persistent volumes per server | 4 | No |
| volumeSize | Size of each volume | 100Gi | No |
| storageClass | Kubernetes storage class for volumes | standard | No |
| cpuRequest | CPU request per pod | 500m | No |
| cpuLimit | CPU limit per pod | 2 | No |
| memoryRequest | Memory request per pod | 1Gi | No |
| memoryLimit | Memory limit per pod | 4Gi | No |
| requestAutoCert | Automatically request TLS certificate | true | No |
| namespace | Kubernetes namespace for deployment | minio | Yes |
Example (fully parameterized):
{
"type": "Storage.CaaS.MinioTenant",
"parameters": {
"minioVersion": "RELEASE.2025-03-12T18-04-18Z",
"servers": 4,
"volumesPerServer": 4,
"volumeSize": "100Gi",
"storageClass": "standard",
"cpuRequest": "500m",
"cpuLimit": "2",
"memoryRequest": "1Gi",
"memoryLimit": "4Gi",
"requestAutoCert": true,
"namespace": "minio"
}
}
Storage.PaaS.BigTable
BigTable is a managed wide-column database in GCP for high-throughput, low-latency NoSQL workloads.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| zone | GCP zone for the BigTable cluster | europe-west1-b | No |
| clusterId | Cluster identifier (auto-generated if not provided) | <componentId>-c1 | Conditional — defaults to <componentId>-c1 when absent |
| nodes | Number of nodes in the cluster | 1 | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.BigTable",
"parameters": {
"zone": "europe-west1-b",
"clusterId": "my-cluster-c1",
"nodes": 1
}
}
Storage.PaaS.BigTableTable
BigTableTable is a table within a BigTable instance.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| instanceId | BigTable instance ID | my-instance | Yes |
| columnFamilies | List of column family names | ["cf1"] | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.BigTableTable",
"parameters": {
"instanceId": "my-instance",
"columnFamilies": ["cf1"]
}
}
Storage.PaaS.CloudStorage
CloudStorage is a managed object storage bucket in GCP Cloud Storage for data lake and archival use cases.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| bucketName | GCS bucket name (must be globally unique) | my-data-bucket-456 | No |
| region | GCP region or multi-region for the bucket | EU, US | No |
| storageClass | Storage class: STANDARD, NEARLINE, COLDLINE, ARCHIVE | STANDARD | No |
| versioningEnabled | Enable object versioning | false | No |
| uniformBucketLevelAccess | Enforce Uniform Bucket-Level Access (disable ACLs) | true | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.CloudStorage",
"parameters": {
"bucketName": "my-data-bucket-456",
"region": "EU",
"storageClass": "STANDARD",
"versioningEnabled": false,
"uniformBucketLevelAccess": true
}
}
Storage.PaaS.Collection
Collection is a Firestore document collection (subcollection or root collection).
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| database | Firestore database name | (default) | No |
| path | Path to the collection (auto-set to component ID if absent) | /users | Conditional — defaults to the component id when absent |
Example (fully parameterized):
{
"type": "Storage.PaaS.Collection",
"parameters": {
"database": "(default)",
"path": "/users"
}
}
Storage.PaaS.DataflowJob
DataflowJob is a Dataflow job for batch or streaming data processing.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| jobId | Dataflow job ID (auto-generated if not provided) | my-dataflow-job | No |
| location | GCP region for the job | europe-west1 | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.DataflowJob",
"parameters": {
"jobId": "my-dataflow-job",
"location": "europe-west1"
}
}
Storage.PaaS.Firestore
Firestore is a managed, serverless NoSQL document database in GCP.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| location | Firestore database location (eur3 = multi-region EU, us-central = US multi-region) | eur3 | No |
| type | Database type: FIRESTORE_NATIVE or DATASTORE_MODE | FIRESTORE_NATIVE | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.Firestore",
"parameters": {
"location": "eur3",
"type": "FIRESTORE_NATIVE"
}
}
Storage.PaaS.PostgreSqlDatabase
PostgreSqlDatabase is a logical database within a Cloud SQL PostgreSQL instance.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| charset | Character set for the database | UTF8 | No |
| collation | Collation order for string comparison | en_US.UTF8 | No |
| createPostgresCredentials | Automatically create postgres superuser credentials | false | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.PostgreSqlDatabase",
"parameters": {
"charset": "UTF8",
"collation": "en_US.UTF8",
"createPostgresCredentials": false
}
}
Storage.PaaS.PostgreSqlDbms
PostgreSqlDbms is a managed PostgreSQL database management system (instance) in GCP Cloud SQL.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| region | GCP region for the Cloud SQL instance | europe-west1 | No |
Example (fully parameterized):
{
"type": "Storage.PaaS.PostgreSqlDbms",
"parameters": {
"region": "europe-west1"
}
}
Storage.SaaS.Unmanaged
Unmanaged Storage component, externally provisioned with credentials supplied at deployment time.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the externally managed secret | external-storage-service | No |
| secretValue | Credentials or configuration string for the external storage service | {"connection_string": "..."} | Yes |
Example (fully parameterized):
{
"type": "Storage.SaaS.Unmanaged",
"parameters": {
"secretName": "external-storage-service",
"secretValue": "{\"connection_string\": \"...\"}"
}
}