gcp.container.Cluster
Manages a Google Kubernetes Engine (GKE) cluster.
To get more information about GKE clusters, see:
On version 5.0.0+ of the provider, you must explicitly set
`deletion_protection = false` and run `pulumi up` to write the field to state in order to destroy a cluster.
All arguments and attributes (including certificate outputs) will be stored in the raw state as plaintext. Read more about secrets in state.
Example Usage
With A Separately Managed Node Pool (Recommended)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// User-managed service account that the nodes run as (passed as
// serviceAccount in the node config below). No IAM role bindings are shown in
// this example; grant the account only the roles the nodes need.
const nodeServiceAccount = new gcp.serviceaccount.Account("default", {
    displayName: "Service Account",
    accountId: "service-account-id",
});

// A cluster cannot be created without a node pool, so the smallest possible
// default pool is created and removed right away (removeDefaultNodePool).
// All nodes then come from the separately managed pool declared below.
// Hardening inputs such as masterAuthorizedNetworksConfig,
// privateClusterConfig and workloadIdentityConfig are not set in this
// minimal example.
const cluster = new gcp.container.Cluster("primary", {
    location: "us-central1",
    name: "my-gke-cluster",
    initialNodeCount: 1,
    removeDefaultNodePool: true,
});

// Node settings for the separately managed pool.
const preemptibleNodeConfig = {
    // Preemptible VMs can be reclaimed by Compute Engine at any time.
    preemptible: true,
    machineType: "e2-medium",
    serviceAccount: nodeServiceAccount.email,
    // cloud-platform is the broad access scope. Google recommends pairing it
    // with a custom service account so that effective permissions are decided
    // by the IAM roles granted to that account.
    oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
};

// Managing the pool as its own resource lets it be added or removed without
// re-creating the cluster.
const preemptiblePool = new gcp.container.NodePool("primary_preemptible_nodes", {
    cluster: cluster.name,
    name: "my-node-pool",
    location: "us-central1",
    nodeCount: 1,
    nodeConfig: preemptibleNodeConfig,
});
import pulumi
import pulumi_gcp as gcp
# User-managed service account that the nodes run as (passed as
# service_account in the node config below). No IAM role bindings are shown in
# this example; grant the account only the roles the nodes need.
node_service_account = gcp.serviceaccount.Account(
    "default",
    display_name="Service Account",
    account_id="service-account-id",
)

# A cluster cannot be created without a node pool, so the smallest possible
# default pool is created and removed right away (remove_default_node_pool).
# All nodes then come from the separately managed pool declared below.
# Hardening inputs such as master_authorized_networks_config,
# private_cluster_config and workload_identity_config are not set in this
# minimal example.
cluster = gcp.container.Cluster(
    "primary",
    location="us-central1",
    name="my-gke-cluster",
    initial_node_count=1,
    remove_default_node_pool=True,
)

# Node settings for the separately managed pool.
preemptible_node_config = {
    # Preemptible VMs can be reclaimed by Compute Engine at any time.
    "preemptible": True,
    "machine_type": "e2-medium",
    "service_account": node_service_account.email,
    # cloud-platform is the broad access scope. Google recommends pairing it
    # with a custom service account so that effective permissions are decided
    # by the IAM roles granted to that account.
    "oauth_scopes": ["https://www.googleapis.com/auth/cloud-platform"],
}

# Managing the pool as its own resource lets it be added or removed without
# re-creating the cluster.
preemptible_pool = gcp.container.NodePool(
    "primary_preemptible_nodes",
    cluster=cluster.name,
    name="my-node-pool",
    location="us-central1",
    node_count=1,
    node_config=preemptible_node_config,
)
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a node service account, a GKE cluster with its default node
// pool removed, and one separately managed preemptible node pool.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// User-managed service account that the nodes run as. No IAM role
		// bindings are shown in this example; grant the account only the
		// roles the nodes need.
		nodeSA, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
			DisplayName: pulumi.String("Service Account"),
			AccountId:   pulumi.String("service-account-id"),
		})
		if err != nil {
			return err
		}

		// A cluster cannot be created without a node pool, so the smallest
		// possible default pool is created and removed right away
		// (RemoveDefaultNodePool). Hardening inputs such as
		// MasterAuthorizedNetworksConfig, PrivateClusterConfig and
		// WorkloadIdentityConfig are not set in this minimal example.
		cluster, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
			Location:              pulumi.String("us-central1"),
			Name:                  pulumi.String("my-gke-cluster"),
			InitialNodeCount:      pulumi.Int(1),
			RemoveDefaultNodePool: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Node settings for the separately managed pool.
		nodeConfig := &container.NodePoolNodeConfigArgs{
			// Preemptible VMs can be reclaimed by Compute Engine at any time.
			Preemptible:    pulumi.Bool(true),
			MachineType:    pulumi.String("e2-medium"),
			ServiceAccount: nodeSA.Email,
			// cloud-platform is the broad access scope. Google recommends
			// pairing it with a custom service account so that effective
			// permissions are decided by the IAM roles granted to it.
			OauthScopes: pulumi.StringArray{
				pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
			},
		}

		// Managing the pool as its own resource lets it be added or removed
		// without re-creating the cluster.
		_, err = container.NewNodePool(ctx, "primary_preemptible_nodes", &container.NodePoolArgs{
			Cluster:    cluster.Name,
			Name:       pulumi.String("my-node-pool"),
			Location:   pulumi.String("us-central1"),
			NodeCount:  pulumi.Int(1),
			NodeConfig: nodeConfig,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // User-managed service account that the nodes run as. No IAM role
    // bindings are shown in this example; grant the account only the roles
    // the nodes need.
    var nodeServiceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        DisplayName = "Service Account",
        AccountId = "service-account-id",
    });

    // A cluster cannot be created without a node pool, so the smallest
    // possible default pool is created and removed right away
    // (RemoveDefaultNodePool). Hardening inputs such as
    // MasterAuthorizedNetworksConfig, PrivateClusterConfig and
    // WorkloadIdentityConfig are not set in this minimal example.
    var cluster = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        Location = "us-central1",
        Name = "my-gke-cluster",
        InitialNodeCount = 1,
        RemoveDefaultNodePool = true,
    });

    // Node settings for the separately managed pool.
    var nodeConfig = new Gcp.Container.Inputs.NodePoolNodeConfigArgs
    {
        // Preemptible VMs can be reclaimed by Compute Engine at any time.
        Preemptible = true,
        MachineType = "e2-medium",
        ServiceAccount = nodeServiceAccount.Email,
        // cloud-platform is the broad access scope. Google recommends pairing
        // it with a custom service account so that effective permissions are
        // decided by the IAM roles granted to that account.
        OauthScopes = new[] { "https://www.googleapis.com/auth/cloud-platform" },
    };

    // Managing the pool as its own resource lets it be added or removed
    // without re-creating the cluster.
    var preemptiblePool = new Gcp.Container.NodePool("primary_preemptible_nodes", new Gcp.Container.NodePoolArgs
    {
        Cluster = cluster.Name,
        Name = "my-node-pool",
        Location = "us-central1",
        NodeCount = 1,
        NodeConfig = nodeConfig,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.container.NodePool;
import com.pulumi.gcp.container.NodePoolArgs;
import com.pulumi.gcp.container.inputs.NodePoolNodeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares a node service account, a GKE cluster with its default node pool
 * removed, and one separately managed preemptible node pool.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the example's resources with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // User-managed service account that the nodes run as. No IAM role
        // bindings are shown in this example; grant the account only the
        // roles the nodes need.
        var accountArgs = AccountArgs.builder()
            .displayName("Service Account")
            .accountId("service-account-id")
            .build();
        var nodeServiceAccount = new Account("default", accountArgs);

        // A cluster cannot be created without a node pool, so the smallest
        // possible default pool is created and removed right away
        // (removeDefaultNodePool). Hardening inputs such as
        // masterAuthorizedNetworksConfig, privateClusterConfig and
        // workloadIdentityConfig are not set in this minimal example.
        var clusterArgs = ClusterArgs.builder()
            .location("us-central1")
            .name("my-gke-cluster")
            .initialNodeCount(1)
            .removeDefaultNodePool(true)
            .build();
        var cluster = new Cluster("primary", clusterArgs);

        // Node settings for the separately managed pool. Preemptible VMs can
        // be reclaimed by Compute Engine at any time. cloud-platform is the
        // broad access scope; Google recommends pairing it with a custom
        // service account so that effective permissions are decided by the
        // IAM roles granted to that account.
        var nodeConfig = NodePoolNodeConfigArgs.builder()
            .preemptible(true)
            .machineType("e2-medium")
            .serviceAccount(nodeServiceAccount.email())
            .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
            .build();

        // Managing the pool as its own resource lets it be added or removed
        // without re-creating the cluster.
        var preemptiblePool = new NodePool("primaryPreemptibleNodes", NodePoolArgs.builder()
            .cluster(cluster.name())
            .name("my-node-pool")
            .location("us-central1")
            .nodeCount(1)
            .nodeConfig(nodeConfig)
            .build());
    }
}
# GKE cluster whose only node pool is managed as a separate resource.
resources:
  # User-managed service account that the nodes run as. No IAM role bindings
  # are shown in this example; grant the account only the roles the nodes need.
  default:
    type: gcp:serviceaccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  # A cluster cannot be created without a node pool, so the smallest possible
  # default pool is created and removed right away (removeDefaultNodePool).
  # Hardening inputs such as masterAuthorizedNetworksConfig,
  # privateClusterConfig and workloadIdentityConfig are not set in this
  # minimal example.
  primary:
    type: gcp:container:Cluster
    properties:
      name: my-gke-cluster
      location: us-central1
      removeDefaultNodePool: true
      initialNodeCount: 1
  # Separately managed pool: it can be added or removed without re-creating
  # the cluster.
  primaryPreemptibleNodes:
    type: gcp:container:NodePool
    name: primary_preemptible_nodes
    properties:
      name: my-node-pool
      location: us-central1
      cluster: ${primary.name}
      nodeCount: 1
      nodeConfig:
        # Preemptible VMs can be reclaimed by Compute Engine at any time.
        preemptible: true
        machineType: e2-medium
        serviceAccount: ${default.email}
        # cloud-platform is the broad access scope. Google recommends pairing
        # it with a custom service account so that effective permissions are
        # decided by the IAM roles granted to that account.
        oauthScopes:
          - https://www.googleapis.com/auth/cloud-platform
Note: It is recommended that node pools be created and managed as separate resources, as in the example above. This allows node pools to be added and removed without recreating the cluster. Node pools defined directly in the
`gcp.container.Cluster` resource cannot be removed without re-creating the cluster.
With The Default Node Pool
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// User-managed service account that the nodes run as. No IAM role bindings
// are shown in this example; grant the account only the roles the nodes need.
const nodeServiceAccount = new gcp.serviceaccount.Account("default", {
    displayName: "Service Account",
    accountId: "service-account-id",
});

// Settings for the default node pool, which is defined on the cluster itself.
const defaultPoolConfig = {
    serviceAccount: nodeServiceAccount.email,
    // cloud-platform is the broad access scope. Google recommends pairing it
    // with a custom service account so that effective permissions are decided
    // by the IAM roles granted to that account.
    oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
    // labels are Kubernetes node labels.
    labels: { foo: "bar" },
    // tags are network tags on the node VMs; firewall rules can target them.
    tags: ["foo", "bar"],
};

// Node pools defined directly on the Cluster resource cannot be removed
// without re-creating the cluster.
const cluster = new gcp.container.Cluster("primary", {
    location: "us-central1-a",
    name: "marcellus-wallace",
    initialNodeCount: 3,
    nodeConfig: defaultPoolConfig,
});
import pulumi
import pulumi_gcp as gcp
# User-managed service account that the nodes run as. No IAM role bindings
# are shown in this example; grant the account only the roles the nodes need.
node_service_account = gcp.serviceaccount.Account(
    "default",
    display_name="Service Account",
    account_id="service-account-id",
)

# Settings for the default node pool, which is defined on the cluster itself.
default_pool_config = {
    "service_account": node_service_account.email,
    # cloud-platform is the broad access scope. Google recommends pairing it
    # with a custom service account so that effective permissions are decided
    # by the IAM roles granted to that account.
    "oauth_scopes": ["https://www.googleapis.com/auth/cloud-platform"],
    # labels are Kubernetes node labels.
    "labels": {"foo": "bar"},
    # tags are network tags on the node VMs; firewall rules can target them.
    "tags": ["foo", "bar"],
}

# Node pools defined directly on the Cluster resource cannot be removed
# without re-creating the cluster.
cluster = gcp.container.Cluster(
    "primary",
    location="us-central1-a",
    name="marcellus-wallace",
    initial_node_count=3,
    node_config=default_pool_config,
)
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a node service account and a GKE cluster that keeps its
// default node pool, configured inline on the cluster.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// User-managed service account that the nodes run as. No IAM role
		// bindings are shown in this example; grant the account only the
		// roles the nodes need.
		nodeSA, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
			DisplayName: pulumi.String("Service Account"),
			AccountId:   pulumi.String("service-account-id"),
		})
		if err != nil {
			return err
		}

		// Settings for the default node pool.
		defaultPoolConfig := &container.ClusterNodeConfigArgs{
			ServiceAccount: nodeSA.Email,
			// cloud-platform is the broad access scope. Google recommends
			// pairing it with a custom service account so that effective
			// permissions are decided by the IAM roles granted to it.
			OauthScopes: pulumi.StringArray{
				pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
			},
			// Labels are Kubernetes node labels.
			Labels: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			// Tags are network tags on the node VMs; firewall rules can
			// target them.
			Tags: pulumi.StringArray{
				pulumi.String("foo"),
				pulumi.String("bar"),
			},
		}

		// Node pools defined directly on the Cluster resource cannot be
		// removed without re-creating the cluster.
		_, err = container.NewCluster(ctx, "primary", &container.ClusterArgs{
			Location:         pulumi.String("us-central1-a"),
			Name:             pulumi.String("marcellus-wallace"),
			InitialNodeCount: pulumi.Int(3),
			NodeConfig:       defaultPoolConfig,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // User-managed service account that the nodes run as. No IAM role
    // bindings are shown in this example; grant the account only the roles
    // the nodes need.
    var nodeServiceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        DisplayName = "Service Account",
        AccountId = "service-account-id",
    });

    // Settings for the default node pool, which is defined on the cluster.
    var defaultPoolConfig = new Gcp.Container.Inputs.ClusterNodeConfigArgs
    {
        ServiceAccount = nodeServiceAccount.Email,
        // cloud-platform is the broad access scope. Google recommends pairing
        // it with a custom service account so that effective permissions are
        // decided by the IAM roles granted to that account.
        OauthScopes = new[] { "https://www.googleapis.com/auth/cloud-platform" },
        // Labels are Kubernetes node labels.
        Labels =
        {
            { "foo", "bar" },
        },
        // Tags are network tags on the node VMs; firewall rules can target them.
        Tags = new[] { "foo", "bar" },
    };

    // Node pools defined directly on the Cluster resource cannot be removed
    // without re-creating the cluster.
    var cluster = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        Location = "us-central1-a",
        Name = "marcellus-wallace",
        InitialNodeCount = 3,
        NodeConfig = defaultPoolConfig,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.container.inputs.ClusterNodeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares a node service account and a GKE cluster that keeps its default
 * node pool, configured inline on the cluster.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the example's resources with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // User-managed service account that the nodes run as. No IAM role
        // bindings are shown in this example; grant the account only the
        // roles the nodes need.
        var accountArgs = AccountArgs.builder()
            .displayName("Service Account")
            .accountId("service-account-id")
            .build();
        var nodeServiceAccount = new Account("default", accountArgs);

        // Settings for the default node pool. cloud-platform is the broad
        // access scope; Google recommends pairing it with a custom service
        // account so that effective permissions are decided by the IAM roles
        // granted to that account. labels are Kubernetes node labels; tags
        // are network tags on the node VMs that firewall rules can target.
        var defaultPoolConfig = ClusterNodeConfigArgs.builder()
            .serviceAccount(nodeServiceAccount.email())
            .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
            .labels(Map.of("foo", "bar"))
            .tags("foo", "bar")
            .build();

        // Node pools defined directly on the Cluster resource cannot be
        // removed without re-creating the cluster.
        var cluster = new Cluster("primary", ClusterArgs.builder()
            .location("us-central1-a")
            .name("marcellus-wallace")
            .initialNodeCount(3)
            .nodeConfig(defaultPoolConfig)
            .build());
    }
}
# GKE cluster that keeps its default node pool, configured inline.
resources:
  # User-managed service account that the nodes run as. No IAM role bindings
  # are shown in this example; grant the account only the roles the nodes need.
  default:
    type: gcp:serviceaccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  # Node pools defined directly on the Cluster resource cannot be removed
  # without re-creating the cluster.
  primary:
    type: gcp:container:Cluster
    properties:
      name: marcellus-wallace
      location: us-central1-a
      initialNodeCount: 3
      nodeConfig:
        serviceAccount: ${default.email}
        # cloud-platform is the broad access scope. Google recommends pairing
        # it with a custom service account so that effective permissions are
        # decided by the IAM roles granted to that account.
        oauthScopes:
          - https://www.googleapis.com/auth/cloud-platform
        # labels are Kubernetes node labels.
        labels:
          foo: bar
        # tags are network tags on the node VMs; firewall rules can target them.
        tags:
          - foo
          - bar
Autopilot
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// NOTE(review): this service account is created but never referenced by the
// cluster below. On Autopilot the node identity is presumably set through
// clusterAutoscaling.autoProvisioningDefaults.serviceAccount; confirm, then
// wire it in or drop the resource.
const serviceAccount = new gcp.serviceaccount.Account("default", {
    displayName: "Service Account",
    accountId: "service-account-id",
});

// Autopilot cluster: no node pools are declared here.
// NOTE(review): GKE documents Autopilot clusters as regional; confirm that a
// zonal location such as this one is accepted.
const autopilotArgs = {
    enableAutopilot: true,
    name: "marcellus-wallace",
    location: "us-central1-a",
};
const autopilotCluster = new gcp.container.Cluster("primary", autopilotArgs);
import pulumi
import pulumi_gcp as gcp
# NOTE(review): this service account is created but never referenced by the
# cluster below. On Autopilot the node identity is presumably set through
# cluster_autoscaling.auto_provisioning_defaults.service_account; confirm,
# then wire it in or drop the resource.
service_account = gcp.serviceaccount.Account(
    "default",
    display_name="Service Account",
    account_id="service-account-id",
)

# Autopilot cluster: no node pools are declared here.
# NOTE(review): GKE documents Autopilot clusters as regional; confirm that a
# zonal location such as this one is accepted.
autopilot_cluster = gcp.container.Cluster(
    "primary",
    enable_autopilot=True,
    name="marcellus-wallace",
    location="us-central1-a",
)
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/container"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a service account and a GKE Autopilot cluster.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): this service account is created but its result is
		// discarded and the cluster never references it. On Autopilot the
		// node identity is presumably set through
		// ClusterAutoscaling.AutoProvisioningDefaults.ServiceAccount;
		// confirm, then wire it in or drop the resource.
		if _, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
			DisplayName: pulumi.String("Service Account"),
			AccountId:   pulumi.String("service-account-id"),
		}); err != nil {
			return err
		}

		// Autopilot cluster: no node pools are declared here.
		// NOTE(review): GKE documents Autopilot clusters as regional; confirm
		// that a zonal location such as this one is accepted.
		_, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
			EnableAutopilot: pulumi.Bool(true),
			Name:            pulumi.String("marcellus-wallace"),
			Location:        pulumi.String("us-central1-a"),
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // NOTE(review): this service account is created but never referenced by
    // the cluster below. On Autopilot the node identity is presumably set
    // through ClusterAutoscaling.AutoProvisioningDefaults.ServiceAccount;
    // confirm, then wire it in or drop the resource.
    var serviceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        DisplayName = "Service Account",
        AccountId = "service-account-id",
    });

    // Autopilot cluster: no node pools are declared here.
    // NOTE(review): GKE documents Autopilot clusters as regional; confirm
    // that a zonal location such as this one is accepted.
    var autopilotCluster = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        EnableAutopilot = true,
        Name = "marcellus-wallace",
        Location = "us-central1-a",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Declares a service account and a GKE Autopilot cluster. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the example's resources with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // NOTE(review): this service account is created but never referenced
        // by the cluster below. On Autopilot the node identity is presumably
        // set through clusterAutoscaling.autoProvisioningDefaults.serviceAccount;
        // confirm, then wire it in or drop the resource.
        var accountArgs = AccountArgs.builder()
            .displayName("Service Account")
            .accountId("service-account-id")
            .build();
        var serviceAccount = new Account("default", accountArgs);

        // Autopilot cluster: no node pools are declared here.
        // NOTE(review): GKE documents Autopilot clusters as regional; confirm
        // that a zonal location such as this one is accepted.
        var clusterArgs = ClusterArgs.builder()
            .enableAutopilot(true)
            .name("marcellus-wallace")
            .location("us-central1-a")
            .build();
        var autopilotCluster = new Cluster("primary", clusterArgs);
    }
}
# Service account plus a GKE Autopilot cluster.
resources:
  # NOTE(review): this service account is created but never referenced by the
  # cluster below. On Autopilot the node identity is presumably set through
  # clusterAutoscaling.autoProvisioningDefaults.serviceAccount; confirm, then
  # wire it in or drop the resource.
  default:
    type: gcp:serviceaccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  # Autopilot cluster: no node pools are declared here.
  # NOTE(review): GKE documents Autopilot clusters as regional; confirm that a
  # zonal location such as this one is accepted.
  primary:
    type: gcp:container:Cluster
    properties:
      name: marcellus-wallace
      location: us-central1-a
      enableAutopilot: true
Create Cluster Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Cluster(name: string, args?: ClusterArgs, opts?: CustomResourceOptions);
@overload
def Cluster(resource_name: str,
            args: Optional[ClusterArgs] = None,
            opts: Optional[ResourceOptions] = None)
@overload
def Cluster(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            addons_config: Optional[ClusterAddonsConfigArgs] = None,
            allow_net_admin: Optional[bool] = None,
            authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
            binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
            cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
            cluster_ipv4_cidr: Optional[str] = None,
            cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
            confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
            control_plane_endpoints_config: Optional[ClusterControlPlaneEndpointsConfigArgs] = None,
            cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
            database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
            datapath_provider: Optional[str] = None,
            default_max_pods_per_node: Optional[int] = None,
            default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
            deletion_protection: Optional[bool] = None,
            description: Optional[str] = None,
            dns_config: Optional[ClusterDnsConfigArgs] = None,
            enable_autopilot: Optional[bool] = None,
            enable_cilium_clusterwide_network_policy: Optional[bool] = None,
            enable_fqdn_network_policy: Optional[bool] = None,
            enable_intranode_visibility: Optional[bool] = None,
            enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
            enable_kubernetes_alpha: Optional[bool] = None,
            enable_l4_ilb_subsetting: Optional[bool] = None,
            enable_legacy_abac: Optional[bool] = None,
            enable_multi_networking: Optional[bool] = None,
            enable_shielded_nodes: Optional[bool] = None,
            enable_tpu: Optional[bool] = None,
            enterprise_config: Optional[ClusterEnterpriseConfigArgs] = None,
            fleet: Optional[ClusterFleetArgs] = None,
            gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
            identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
            initial_node_count: Optional[int] = None,
            ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
            location: Optional[str] = None,
            logging_config: Optional[ClusterLoggingConfigArgs] = None,
            logging_service: Optional[str] = None,
            maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
            master_auth: Optional[ClusterMasterAuthArgs] = None,
            master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
            mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
            min_master_version: Optional[str] = None,
            monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
            monitoring_service: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_policy: Optional[ClusterNetworkPolicyArgs] = None,
            networking_mode: Optional[str] = None,
            node_config: Optional[ClusterNodeConfigArgs] = None,
            node_locations: Optional[Sequence[str]] = None,
            node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
            node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
            node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
            node_version: Optional[str] = None,
            notification_config: Optional[ClusterNotificationConfigArgs] = None,
            pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
            private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
            private_ipv6_google_access: Optional[str] = None,
            project: Optional[str] = None,
            protect_config: Optional[ClusterProtectConfigArgs] = None,
            release_channel: Optional[ClusterReleaseChannelArgs] = None,
            remove_default_node_pool: Optional[bool] = None,
            resource_labels: Optional[Mapping[str, str]] = None,
            resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
            secret_manager_config: Optional[ClusterSecretManagerConfigArgs] = None,
            security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
            service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
            subnetwork: Optional[str] = None,
            tpu_config: Optional[ClusterTpuConfigArgs] = None,
            user_managed_keys_config: Optional[ClusterUserManagedKeysConfigArgs] = None,
            vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
            workload_alts_config: Optional[ClusterWorkloadAltsConfigArgs] = None,
            workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None)
func NewCluster(ctx *Context, name string, args *ClusterArgs, opts ...ResourceOption) (*Cluster, error)
public Cluster(string name, ClusterArgs? args = null, CustomResourceOptions? opts = null)
public Cluster(String name, ClusterArgs args)
public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
type: gcp:container:Cluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gcpClusterResource = new Gcp.Container.Cluster("gcpClusterResource", new()
{
    AddonsConfig = new Gcp.Container.Inputs.ClusterAddonsConfigArgs
    {
        CloudrunConfig = new Gcp.Container.Inputs.ClusterAddonsConfigCloudrunConfigArgs
        {
            Disabled = false,
            LoadBalancerType = "string",
        },
        ConfigConnectorConfig = new Gcp.Container.Inputs.ClusterAddonsConfigConfigConnectorConfigArgs
        {
            Enabled = false,
        },
        DnsCacheConfig = new Gcp.Container.Inputs.ClusterAddonsConfigDnsCacheConfigArgs
        {
            Enabled = false,
        },
        GcePersistentDiskCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs
        {
            Enabled = false,
        },
        GcpFilestoreCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs
        {
            Enabled = false,
        },
        GcsFuseCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGcsFuseCsiDriverConfigArgs
        {
            Enabled = false,
        },
        GkeBackupAgentConfig = new Gcp.Container.Inputs.ClusterAddonsConfigGkeBackupAgentConfigArgs
        {
            Enabled = false,
        },
        HorizontalPodAutoscaling = new Gcp.Container.Inputs.ClusterAddonsConfigHorizontalPodAutoscalingArgs
        {
            Disabled = false,
        },
        HttpLoadBalancing = new Gcp.Container.Inputs.ClusterAddonsConfigHttpLoadBalancingArgs
        {
            Disabled = false,
        },
        IstioConfig = new Gcp.Container.Inputs.ClusterAddonsConfigIstioConfigArgs
        {
            Disabled = false,
            Auth = "string",
        },
        KalmConfig = new Gcp.Container.Inputs.ClusterAddonsConfigKalmConfigArgs
        {
            Enabled = false,
        },
        NetworkPolicyConfig = new Gcp.Container.Inputs.ClusterAddonsConfigNetworkPolicyConfigArgs
        {
            Disabled = false,
        },
        ParallelstoreCsiDriverConfig = new Gcp.Container.Inputs.ClusterAddonsConfigParallelstoreCsiDriverConfigArgs
        {
            Enabled = false,
        },
        RayOperatorConfigs = new[]
        {
            new Gcp.Container.Inputs.ClusterAddonsConfigRayOperatorConfigArgs
            {
                Enabled = false,
                RayClusterLoggingConfig = new Gcp.Container.Inputs.ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs
                {
                    Enabled = false,
                },
                RayClusterMonitoringConfig = new Gcp.Container.Inputs.ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs
                {
                    Enabled = false,
                },
            },
        },
        StatefulHaConfig = new Gcp.Container.Inputs.ClusterAddonsConfigStatefulHaConfigArgs
        {
            Enabled = false,
        },
    },
    AllowNetAdmin = false,
    AuthenticatorGroupsConfig = new Gcp.Container.Inputs.ClusterAuthenticatorGroupsConfigArgs
    {
        SecurityGroup = "string",
    },
    BinaryAuthorization = new Gcp.Container.Inputs.ClusterBinaryAuthorizationArgs
    {
        EvaluationMode = "string",
    },
    ClusterAutoscaling = new Gcp.Container.Inputs.ClusterClusterAutoscalingArgs
    {
        AutoProvisioningDefaults = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsArgs
        {
            BootDiskKmsKey = "string",
            DiskSize = 0,
            DiskType = "string",
            ImageType = "string",
            Management = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs
            {
                AutoRepair = false,
                AutoUpgrade = false,
                UpgradeOptions = new[]
                {
                    new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs
                    {
                        AutoUpgradeStartTime = "string",
                        Description = "string",
                    },
                },
            },
            MinCpuPlatform = "string",
            OauthScopes = new[]
            {
                "string",
            },
            ServiceAccount = "string",
            ShieldedInstanceConfig = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs
            {
                EnableIntegrityMonitoring = false,
                EnableSecureBoot = false,
            },
            UpgradeSettings = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs
            {
                BlueGreenSettings = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs
                {
                    NodePoolSoakDuration = "string",
                    StandardRolloutPolicy = new Gcp.Container.Inputs.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs
                    {
                        BatchNodeCount = 0,
                        BatchPercentage = 0,
                        BatchSoakDuration = "string",
                    },
                },
                MaxSurge = 0,
                MaxUnavailable = 0,
                Strategy = "string",
            },
        },
        AutoProvisioningLocations = new[]
        {
            "string",
        },
        AutoscalingProfile = "string",
        Enabled = false,
        ResourceLimits = new[]
        {
            new Gcp.Container.Inputs.ClusterClusterAutoscalingResourceLimitArgs
            {
                Maximum = 0,
                ResourceType = "string",
                Minimum = 0,
            },
        },
    },
    ClusterIpv4Cidr = "string",
    ClusterTelemetry = new Gcp.Container.Inputs.ClusterClusterTelemetryArgs
    {
        Type = "string",
    },
    ConfidentialNodes = new Gcp.Container.Inputs.ClusterConfidentialNodesArgs
    {
        Enabled = false,
    },
    ControlPlaneEndpointsConfig = new Gcp.Container.Inputs.ClusterControlPlaneEndpointsConfigArgs
    {
        DnsEndpointConfig = new Gcp.Container.Inputs.ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs
        {
            AllowExternalTraffic = false,
            Endpoint = "string",
        },
    },
    CostManagementConfig = new Gcp.Container.Inputs.ClusterCostManagementConfigArgs
    {
        Enabled = false,
    },
    DatabaseEncryption = new Gcp.Container.Inputs.ClusterDatabaseEncryptionArgs
    {
        State = "string",
        KeyName = "string",
    },
    DatapathProvider = "string",
    DefaultMaxPodsPerNode = 0,
    DefaultSnatStatus = new Gcp.Container.Inputs.ClusterDefaultSnatStatusArgs
    {
        Disabled = false,
    },
    DeletionProtection = false,
    Description = "string",
    DnsConfig = new Gcp.Container.Inputs.ClusterDnsConfigArgs
    {
        AdditiveVpcScopeDnsDomain = "string",
        ClusterDns = "string",
        ClusterDnsDomain = "string",
        ClusterDnsScope = "string",
    },
    EnableAutopilot = false,
    EnableCiliumClusterwideNetworkPolicy = false,
    EnableFqdnNetworkPolicy = false,
    EnableIntranodeVisibility = false,
    EnableK8sBetaApis = new Gcp.Container.Inputs.ClusterEnableK8sBetaApisArgs
    {
        EnabledApis = new[]
        {
            "string",
        },
    },
    EnableKubernetesAlpha = false,
    EnableL4IlbSubsetting = false,
    EnableLegacyAbac = false,
    EnableMultiNetworking = false,
    EnableShieldedNodes = false,
    EnableTpu = false,
    EnterpriseConfig = new Gcp.Container.Inputs.ClusterEnterpriseConfigArgs
    {
        ClusterTier = "string",
        DesiredTier = "string",
    },
    Fleet = new Gcp.Container.Inputs.ClusterFleetArgs
    {
        Membership = "string",
        MembershipId = "string",
        MembershipLocation = "string",
        PreRegistered = false,
        Project = "string",
    },
    GatewayApiConfig = new Gcp.Container.Inputs.ClusterGatewayApiConfigArgs
    {
        Channel = "string",
    },
    IdentityServiceConfig = new Gcp.Container.Inputs.ClusterIdentityServiceConfigArgs
    {
        Enabled = false,
    },
    InitialNodeCount = 0,
    IpAllocationPolicy = new Gcp.Container.Inputs.ClusterIpAllocationPolicyArgs
    {
        AdditionalPodRangesConfig = new Gcp.Container.Inputs.ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs
        {
            PodRangeNames = new[]
            {
                "string",
            },
        },
        ClusterIpv4CidrBlock = "string",
        ClusterSecondaryRangeName = "string",
        PodCidrOverprovisionConfig = new Gcp.Container.Inputs.ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs
        {
            Disabled = false,
        },
        ServicesIpv4CidrBlock = "string",
        ServicesSecondaryRangeName = "string",
        StackType = "string",
    },
    Location = "string",
    LoggingConfig = new Gcp.Container.Inputs.ClusterLoggingConfigArgs
    {
        EnableComponents = new[]
        {
            "string",
        },
    },
    LoggingService = "string",
    MaintenancePolicy = new Gcp.Container.Inputs.ClusterMaintenancePolicyArgs
    {
        DailyMaintenanceWindow = new Gcp.Container.Inputs.ClusterMaintenancePolicyDailyMaintenanceWindowArgs
        {
            StartTime = "string",
            Duration = "string",
        },
        MaintenanceExclusions = new[]
        {
            new Gcp.Container.Inputs.ClusterMaintenancePolicyMaintenanceExclusionArgs
            {
                EndTime = "string",
                ExclusionName = "string",
                StartTime = "string",
                ExclusionOptions = new Gcp.Container.Inputs.ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs
                {
                    Scope = "string",
                },
            },
        },
        RecurringWindow = new Gcp.Container.Inputs.ClusterMaintenancePolicyRecurringWindowArgs
        {
            EndTime = "string",
            Recurrence = "string",
            StartTime = "string",
        },
    },
    MasterAuth = new Gcp.Container.Inputs.ClusterMasterAuthArgs
    {
        ClientCertificateConfig = new Gcp.Container.Inputs.ClusterMasterAuthClientCertificateConfigArgs
        {
            IssueClientCertificate = false,
        },
        ClientCertificate = "string",
        ClientKey = "string",
        ClusterCaCertificate = "string",
    },
    MasterAuthorizedNetworksConfig = new Gcp.Container.Inputs.ClusterMasterAuthorizedNetworksConfigArgs
    {
        CidrBlocks = new[]
        {
            new Gcp.Container.Inputs.ClusterMasterAuthorizedNetworksConfigCidrBlockArgs
            {
                CidrBlock = "string",
                DisplayName = "string",
            },
        },
        GcpPublicCidrsAccessEnabled = false,
        PrivateEndpointEnforcementEnabled = false,
    },
    MeshCertificates = new Gcp.Container.Inputs.ClusterMeshCertificatesArgs
    {
        EnableCertificates = false,
    },
    MinMasterVersion = "string",
    MonitoringConfig = new Gcp.Container.Inputs.ClusterMonitoringConfigArgs
    {
        AdvancedDatapathObservabilityConfig = new Gcp.Container.Inputs.ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs
        {
            EnableMetrics = false,
            EnableRelay = false,
        },
        EnableComponents = new[]
        {
            "string",
        },
        ManagedPrometheus = new Gcp.Container.Inputs.ClusterMonitoringConfigManagedPrometheusArgs
        {
            Enabled = false,
            AutoMonitoringConfig = new Gcp.Container.Inputs.ClusterMonitoringConfigManagedPrometheusAutoMonitoringConfigArgs
            {
                Scope = "string",
            },
        },
    },
    MonitoringService = "string",
    Name = "string",
    Network = "string",
    NetworkPolicy = new Gcp.Container.Inputs.ClusterNetworkPolicyArgs
    {
        Enabled = false,
        Provider = "string",
    },
    NetworkingMode = "string",
    NodeConfig = new Gcp.Container.Inputs.ClusterNodeConfigArgs
    {
        AdvancedMachineFeatures = new Gcp.Container.Inputs.ClusterNodeConfigAdvancedMachineFeaturesArgs
        {
            ThreadsPerCore = 0,
            EnableNestedVirtualization = false,
        },
        BootDiskKmsKey = "string",
        ConfidentialNodes = new Gcp.Container.Inputs.ClusterNodeConfigConfidentialNodesArgs
        {
            Enabled = false,
        },
        ContainerdConfig = new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigArgs
        {
            PrivateRegistryAccessConfig = new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs
            {
                Enabled = false,
                CertificateAuthorityDomainConfigs = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs
                    {
                        Fqdns = new[]
                        {
                            "string",
                        },
                        GcpSecretManagerCertificateConfig = new Gcp.Container.Inputs.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs
                        {
                            SecretUri = "string",
                        },
                    },
                },
            },
        },
        DiskSizeGb = 0,
        DiskType = "string",
        EffectiveTaints = new[]
        {
            new Gcp.Container.Inputs.ClusterNodeConfigEffectiveTaintArgs
            {
                Effect = "string",
                Key = "string",
                Value = "string",
            },
        },
        EnableConfidentialStorage = false,
        EphemeralStorageConfig = new Gcp.Container.Inputs.ClusterNodeConfigEphemeralStorageConfigArgs
        {
            LocalSsdCount = 0,
        },
        EphemeralStorageLocalSsdConfig = new Gcp.Container.Inputs.ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs
        {
            LocalSsdCount = 0,
        },
        FastSocket = new Gcp.Container.Inputs.ClusterNodeConfigFastSocketArgs
        {
            Enabled = false,
        },
        GcfsConfig = new Gcp.Container.Inputs.ClusterNodeConfigGcfsConfigArgs
        {
            Enabled = false,
        },
        GuestAccelerators = new[]
        {
            new Gcp.Container.Inputs.ClusterNodeConfigGuestAcceleratorArgs
            {
                Count = 0,
                Type = "string",
                GpuDriverInstallationConfig = new Gcp.Container.Inputs.ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs
                {
                    GpuDriverVersion = "string",
                },
                GpuPartitionSize = "string",
                GpuSharingConfig = new Gcp.Container.Inputs.ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs
                {
                    GpuSharingStrategy = "string",
                    MaxSharedClientsPerGpu = 0,
                },
            },
        },
        Gvnic = new Gcp.Container.Inputs.ClusterNodeConfigGvnicArgs
        {
            Enabled = false,
        },
        HostMaintenancePolicy = new Gcp.Container.Inputs.ClusterNodeConfigHostMaintenancePolicyArgs
        {
            MaintenanceInterval = "string",
        },
        ImageType = "string",
        KubeletConfig = new Gcp.Container.Inputs.ClusterNodeConfigKubeletConfigArgs
        {
            AllowedUnsafeSysctls = new[]
            {
                "string",
            },
            ContainerLogMaxFiles = 0,
            ContainerLogMaxSize = "string",
            CpuCfsQuota = false,
            CpuCfsQuotaPeriod = "string",
            CpuManagerPolicy = "string",
            ImageGcHighThresholdPercent = 0,
            ImageGcLowThresholdPercent = 0,
            ImageMaximumGcAge = "string",
            ImageMinimumGcAge = "string",
            InsecureKubeletReadonlyPortEnabled = "string",
            PodPidsLimit = 0,
        },
        Labels = 
        {
            { "string", "string" },
        },
        LinuxNodeConfig = new Gcp.Container.Inputs.ClusterNodeConfigLinuxNodeConfigArgs
        {
            CgroupMode = "string",
            HugepagesConfig = new Gcp.Container.Inputs.ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs
            {
                HugepageSize1g = 0,
                HugepageSize2m = 0,
            },
            Sysctls = 
            {
                { "string", "string" },
            },
        },
        LocalNvmeSsdBlockConfig = new Gcp.Container.Inputs.ClusterNodeConfigLocalNvmeSsdBlockConfigArgs
        {
            LocalSsdCount = 0,
        },
        LocalSsdCount = 0,
        LocalSsdEncryptionMode = "string",
        LoggingVariant = "string",
        MachineType = "string",
        MaxRunDuration = "string",
        Metadata = 
        {
            { "string", "string" },
        },
        MinCpuPlatform = "string",
        NodeGroup = "string",
        OauthScopes = new[]
        {
            "string",
        },
        Preemptible = false,
        ReservationAffinity = new Gcp.Container.Inputs.ClusterNodeConfigReservationAffinityArgs
        {
            ConsumeReservationType = "string",
            Key = "string",
            Values = new[]
            {
                "string",
            },
        },
        ResourceLabels = 
        {
            { "string", "string" },
        },
        ResourceManagerTags = 
        {
            { "string", "string" },
        },
        SandboxConfig = new Gcp.Container.Inputs.ClusterNodeConfigSandboxConfigArgs
        {
            SandboxType = "string",
        },
        SecondaryBootDisks = new[]
        {
            new Gcp.Container.Inputs.ClusterNodeConfigSecondaryBootDiskArgs
            {
                DiskImage = "string",
                Mode = "string",
            },
        },
        ServiceAccount = "string",
        ShieldedInstanceConfig = new Gcp.Container.Inputs.ClusterNodeConfigShieldedInstanceConfigArgs
        {
            EnableIntegrityMonitoring = false,
            EnableSecureBoot = false,
        },
        SoleTenantConfig = new Gcp.Container.Inputs.ClusterNodeConfigSoleTenantConfigArgs
        {
            NodeAffinities = new[]
            {
                new Gcp.Container.Inputs.ClusterNodeConfigSoleTenantConfigNodeAffinityArgs
                {
                    Key = "string",
                    Operator = "string",
                    Values = new[]
                    {
                        "string",
                    },
                },
            },
        },
        Spot = false,
        StoragePools = new[]
        {
            "string",
        },
        Tags = new[]
        {
            "string",
        },
        Taints = new[]
        {
            new Gcp.Container.Inputs.ClusterNodeConfigTaintArgs
            {
                Effect = "string",
                Key = "string",
                Value = "string",
            },
        },
        WorkloadMetadataConfig = new Gcp.Container.Inputs.ClusterNodeConfigWorkloadMetadataConfigArgs
        {
            Mode = "string",
        },
    },
    NodeLocations = new[]
    {
        "string",
    },
    NodePoolAutoConfig = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigArgs
    {
        LinuxNodeConfig = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigLinuxNodeConfigArgs
        {
            CgroupMode = "string",
        },
        NetworkTags = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigNetworkTagsArgs
        {
            Tags = new[]
            {
                "string",
            },
        },
        NodeKubeletConfig = new Gcp.Container.Inputs.ClusterNodePoolAutoConfigNodeKubeletConfigArgs
        {
            InsecureKubeletReadonlyPortEnabled = "string",
        },
        ResourceManagerTags = 
        {
            { "string", "string" },
        },
    },
    NodePoolDefaults = new Gcp.Container.Inputs.ClusterNodePoolDefaultsArgs
    {
        NodeConfigDefaults = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsArgs
        {
            ContainerdConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs
            {
                PrivateRegistryAccessConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs
                {
                    Enabled = false,
                    CertificateAuthorityDomainConfigs = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs
                        {
                            Fqdns = new[]
                            {
                                "string",
                            },
                            GcpSecretManagerCertificateConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs
                            {
                                SecretUri = "string",
                            },
                        },
                    },
                },
            },
            GcfsConfig = new Gcp.Container.Inputs.ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs
            {
                Enabled = false,
            },
            InsecureKubeletReadonlyPortEnabled = "string",
            LoggingVariant = "string",
        },
    },
    NodePools = new[]
    {
        new Gcp.Container.Inputs.ClusterNodePoolArgs
        {
            Autoscaling = new Gcp.Container.Inputs.ClusterNodePoolAutoscalingArgs
            {
                LocationPolicy = "string",
                MaxNodeCount = 0,
                MinNodeCount = 0,
                TotalMaxNodeCount = 0,
                TotalMinNodeCount = 0,
            },
            InitialNodeCount = 0,
            InstanceGroupUrls = new[]
            {
                "string",
            },
            ManagedInstanceGroupUrls = new[]
            {
                "string",
            },
            Management = new Gcp.Container.Inputs.ClusterNodePoolManagementArgs
            {
                AutoRepair = false,
                AutoUpgrade = false,
            },
            MaxPodsPerNode = 0,
            Name = "string",
            NamePrefix = "string",
            NetworkConfig = new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigArgs
            {
                AdditionalNodeNetworkConfigs = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs
                    {
                        Network = "string",
                        Subnetwork = "string",
                    },
                },
                AdditionalPodNetworkConfigs = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs
                    {
                        MaxPodsPerNode = 0,
                        SecondaryPodRange = "string",
                        Subnetwork = "string",
                    },
                },
                CreatePodRange = false,
                EnablePrivateNodes = false,
                NetworkPerformanceConfig = new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs
                {
                    TotalEgressBandwidthTier = "string",
                },
                PodCidrOverprovisionConfig = new Gcp.Container.Inputs.ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs
                {
                    Disabled = false,
                },
                PodIpv4CidrBlock = "string",
                PodRange = "string",
            },
            NodeConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigArgs
            {
                AdvancedMachineFeatures = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs
                {
                    ThreadsPerCore = 0,
                    EnableNestedVirtualization = false,
                },
                BootDiskKmsKey = "string",
                ConfidentialNodes = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigConfidentialNodesArgs
                {
                    Enabled = false,
                },
                ContainerdConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigArgs
                {
                    PrivateRegistryAccessConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs
                    {
                        Enabled = false,
                        CertificateAuthorityDomainConfigs = new[]
                        {
                            new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs
                            {
                                Fqdns = new[]
                                {
                                    "string",
                                },
                                GcpSecretManagerCertificateConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs
                                {
                                    SecretUri = "string",
                                },
                            },
                        },
                    },
                },
                DiskSizeGb = 0,
                DiskType = "string",
                EffectiveTaints = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodePoolNodeConfigEffectiveTaintArgs
                    {
                        Effect = "string",
                        Key = "string",
                        Value = "string",
                    },
                },
                EnableConfidentialStorage = false,
                EphemeralStorageConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigEphemeralStorageConfigArgs
                {
                    LocalSsdCount = 0,
                },
                EphemeralStorageLocalSsdConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs
                {
                    LocalSsdCount = 0,
                },
                FastSocket = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigFastSocketArgs
                {
                    Enabled = false,
                },
                GcfsConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGcfsConfigArgs
                {
                    Enabled = false,
                },
                GuestAccelerators = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGuestAcceleratorArgs
                    {
                        Count = 0,
                        Type = "string",
                        GpuDriverInstallationConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs
                        {
                            GpuDriverVersion = "string",
                        },
                        GpuPartitionSize = "string",
                        GpuSharingConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs
                        {
                            GpuSharingStrategy = "string",
                            MaxSharedClientsPerGpu = 0,
                        },
                    },
                },
                Gvnic = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigGvnicArgs
                {
                    Enabled = false,
                },
                HostMaintenancePolicy = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigHostMaintenancePolicyArgs
                {
                    MaintenanceInterval = "string",
                },
                ImageType = "string",
                KubeletConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigKubeletConfigArgs
                {
                    AllowedUnsafeSysctls = new[]
                    {
                        "string",
                    },
                    ContainerLogMaxFiles = 0,
                    ContainerLogMaxSize = "string",
                    CpuCfsQuota = false,
                    CpuCfsQuotaPeriod = "string",
                    CpuManagerPolicy = "string",
                    ImageGcHighThresholdPercent = 0,
                    ImageGcLowThresholdPercent = 0,
                    ImageMaximumGcAge = "string",
                    ImageMinimumGcAge = "string",
                    InsecureKubeletReadonlyPortEnabled = "string",
                    PodPidsLimit = 0,
                },
                Labels = 
                {
                    { "string", "string" },
                },
                LinuxNodeConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigLinuxNodeConfigArgs
                {
                    CgroupMode = "string",
                    HugepagesConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs
                    {
                        HugepageSize1g = 0,
                        HugepageSize2m = 0,
                    },
                    Sysctls = 
                    {
                        { "string", "string" },
                    },
                },
                LocalNvmeSsdBlockConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs
                {
                    LocalSsdCount = 0,
                },
                LocalSsdCount = 0,
                LocalSsdEncryptionMode = "string",
                LoggingVariant = "string",
                MachineType = "string",
                MaxRunDuration = "string",
                Metadata = 
                {
                    { "string", "string" },
                },
                MinCpuPlatform = "string",
                NodeGroup = "string",
                OauthScopes = new[]
                {
                    "string",
                },
                Preemptible = false,
                ReservationAffinity = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigReservationAffinityArgs
                {
                    ConsumeReservationType = "string",
                    Key = "string",
                    Values = new[]
                    {
                        "string",
                    },
                },
                ResourceLabels = 
                {
                    { "string", "string" },
                },
                ResourceManagerTags = 
                {
                    { "string", "string" },
                },
                SandboxConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSandboxConfigArgs
                {
                    SandboxType = "string",
                },
                SecondaryBootDisks = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSecondaryBootDiskArgs
                    {
                        DiskImage = "string",
                        Mode = "string",
                    },
                },
                ServiceAccount = "string",
                ShieldedInstanceConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigShieldedInstanceConfigArgs
                {
                    EnableIntegrityMonitoring = false,
                    EnableSecureBoot = false,
                },
                SoleTenantConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSoleTenantConfigArgs
                {
                    NodeAffinities = new[]
                    {
                        new Gcp.Container.Inputs.ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs
                        {
                            Key = "string",
                            Operator = "string",
                            Values = new[]
                            {
                                "string",
                            },
                        },
                    },
                },
                Spot = false,
                StoragePools = new[]
                {
                    "string",
                },
                Tags = new[]
                {
                    "string",
                },
                Taints = new[]
                {
                    new Gcp.Container.Inputs.ClusterNodePoolNodeConfigTaintArgs
                    {
                        Effect = "string",
                        Key = "string",
                        Value = "string",
                    },
                },
                WorkloadMetadataConfig = new Gcp.Container.Inputs.ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs
                {
                    Mode = "string",
                },
            },
            NodeCount = 0,
            NodeLocations = new[]
            {
                "string",
            },
            PlacementPolicy = new Gcp.Container.Inputs.ClusterNodePoolPlacementPolicyArgs
            {
                Type = "string",
                PolicyName = "string",
                TpuTopology = "string",
            },
            QueuedProvisioning = new Gcp.Container.Inputs.ClusterNodePoolQueuedProvisioningArgs
            {
                Enabled = false,
            },
            UpgradeSettings = new Gcp.Container.Inputs.ClusterNodePoolUpgradeSettingsArgs
            {
                BlueGreenSettings = new Gcp.Container.Inputs.ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs
                {
                    StandardRolloutPolicy = new Gcp.Container.Inputs.ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs
                    {
                        BatchNodeCount = 0,
                        BatchPercentage = 0,
                        BatchSoakDuration = "string",
                    },
                    NodePoolSoakDuration = "string",
                },
                MaxSurge = 0,
                MaxUnavailable = 0,
                Strategy = "string",
            },
            Version = "string",
        },
    },
    NodeVersion = "string",
    NotificationConfig = new Gcp.Container.Inputs.ClusterNotificationConfigArgs
    {
        Pubsub = new Gcp.Container.Inputs.ClusterNotificationConfigPubsubArgs
        {
            Enabled = false,
            Filter = new Gcp.Container.Inputs.ClusterNotificationConfigPubsubFilterArgs
            {
                EventTypes = new[]
                {
                    "string",
                },
            },
            Topic = "string",
        },
    },
    PodSecurityPolicyConfig = new Gcp.Container.Inputs.ClusterPodSecurityPolicyConfigArgs
    {
        Enabled = false,
    },
    PrivateClusterConfig = new Gcp.Container.Inputs.ClusterPrivateClusterConfigArgs
    {
        EnablePrivateEndpoint = false,
        EnablePrivateNodes = false,
        MasterGlobalAccessConfig = new Gcp.Container.Inputs.ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs
        {
            Enabled = false,
        },
        MasterIpv4CidrBlock = "string",
        PeeringName = "string",
        PrivateEndpoint = "string",
        PrivateEndpointSubnetwork = "string",
        PublicEndpoint = "string",
    },
    PrivateIpv6GoogleAccess = "string",
    Project = "string",
    ProtectConfig = new Gcp.Container.Inputs.ClusterProtectConfigArgs
    {
        WorkloadConfig = new Gcp.Container.Inputs.ClusterProtectConfigWorkloadConfigArgs
        {
            AuditMode = "string",
        },
        WorkloadVulnerabilityMode = "string",
    },
    ReleaseChannel = new Gcp.Container.Inputs.ClusterReleaseChannelArgs
    {
        Channel = "string",
    },
    RemoveDefaultNodePool = false,
    ResourceLabels = 
    {
        { "string", "string" },
    },
    ResourceUsageExportConfig = new Gcp.Container.Inputs.ClusterResourceUsageExportConfigArgs
    {
        BigqueryDestination = new Gcp.Container.Inputs.ClusterResourceUsageExportConfigBigqueryDestinationArgs
        {
            DatasetId = "string",
        },
        EnableNetworkEgressMetering = false,
        EnableResourceConsumptionMetering = false,
    },
    SecretManagerConfig = new Gcp.Container.Inputs.ClusterSecretManagerConfigArgs
    {
        Enabled = false,
    },
    SecurityPostureConfig = new Gcp.Container.Inputs.ClusterSecurityPostureConfigArgs
    {
        Mode = "string",
        VulnerabilityMode = "string",
    },
    ServiceExternalIpsConfig = new Gcp.Container.Inputs.ClusterServiceExternalIpsConfigArgs
    {
        Enabled = false,
    },
    Subnetwork = "string",
    TpuConfig = new Gcp.Container.Inputs.ClusterTpuConfigArgs
    {
        Enabled = false,
        Ipv4CidrBlock = "string",
        UseServiceNetworking = false,
    },
    UserManagedKeysConfig = new Gcp.Container.Inputs.ClusterUserManagedKeysConfigArgs
    {
        AggregationCa = "string",
        ClusterCa = "string",
        ControlPlaneDiskEncryptionKey = "string",
        EtcdApiCa = "string",
        EtcdPeerCa = "string",
        GkeopsEtcdBackupEncryptionKey = "string",
        ServiceAccountSigningKeys = new[]
        {
            "string",
        },
        ServiceAccountVerificationKeys = new[]
        {
            "string",
        },
    },
    VerticalPodAutoscaling = new Gcp.Container.Inputs.ClusterVerticalPodAutoscalingArgs
    {
        Enabled = false,
    },
    WorkloadAltsConfig = new Gcp.Container.Inputs.ClusterWorkloadAltsConfigArgs
    {
        EnableAlts = false,
    },
    WorkloadIdentityConfig = new Gcp.Container.Inputs.ClusterWorkloadIdentityConfigArgs
    {
        WorkloadPool = "string",
    },
});
example, err := container.NewCluster(ctx, "gcpClusterResource", &container.ClusterArgs{
	AddonsConfig: &container.ClusterAddonsConfigArgs{
		CloudrunConfig: &container.ClusterAddonsConfigCloudrunConfigArgs{
			Disabled:         pulumi.Bool(false),
			LoadBalancerType: pulumi.String("string"),
		},
		ConfigConnectorConfig: &container.ClusterAddonsConfigConfigConnectorConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		DnsCacheConfig: &container.ClusterAddonsConfigDnsCacheConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		GcePersistentDiskCsiDriverConfig: &container.ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		GcpFilestoreCsiDriverConfig: &container.ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		GcsFuseCsiDriverConfig: &container.ClusterAddonsConfigGcsFuseCsiDriverConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		GkeBackupAgentConfig: &container.ClusterAddonsConfigGkeBackupAgentConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		HorizontalPodAutoscaling: &container.ClusterAddonsConfigHorizontalPodAutoscalingArgs{
			Disabled: pulumi.Bool(false),
		},
		HttpLoadBalancing: &container.ClusterAddonsConfigHttpLoadBalancingArgs{
			Disabled: pulumi.Bool(false),
		},
		IstioConfig: &container.ClusterAddonsConfigIstioConfigArgs{
			Disabled: pulumi.Bool(false),
			Auth:     pulumi.String("string"),
		},
		KalmConfig: &container.ClusterAddonsConfigKalmConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		NetworkPolicyConfig: &container.ClusterAddonsConfigNetworkPolicyConfigArgs{
			Disabled: pulumi.Bool(false),
		},
		ParallelstoreCsiDriverConfig: &container.ClusterAddonsConfigParallelstoreCsiDriverConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		RayOperatorConfigs: container.ClusterAddonsConfigRayOperatorConfigArray{
			&container.ClusterAddonsConfigRayOperatorConfigArgs{
				Enabled: pulumi.Bool(false),
				RayClusterLoggingConfig: &container.ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs{
					Enabled: pulumi.Bool(false),
				},
				RayClusterMonitoringConfig: &container.ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs{
					Enabled: pulumi.Bool(false),
				},
			},
		},
		StatefulHaConfig: &container.ClusterAddonsConfigStatefulHaConfigArgs{
			Enabled: pulumi.Bool(false),
		},
	},
	AllowNetAdmin: pulumi.Bool(false),
	AuthenticatorGroupsConfig: &container.ClusterAuthenticatorGroupsConfigArgs{
		SecurityGroup: pulumi.String("string"),
	},
	BinaryAuthorization: &container.ClusterBinaryAuthorizationArgs{
		EvaluationMode: pulumi.String("string"),
	},
	ClusterAutoscaling: &container.ClusterClusterAutoscalingArgs{
		AutoProvisioningDefaults: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsArgs{
			BootDiskKmsKey: pulumi.String("string"),
			DiskSize:       pulumi.Int(0),
			DiskType:       pulumi.String("string"),
			ImageType:      pulumi.String("string"),
			Management: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs{
				AutoRepair:  pulumi.Bool(false),
				AutoUpgrade: pulumi.Bool(false),
				UpgradeOptions: container.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArray{
					&container.ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs{
						AutoUpgradeStartTime: pulumi.String("string"),
						Description:          pulumi.String("string"),
					},
				},
			},
			MinCpuPlatform: pulumi.String("string"),
			OauthScopes: pulumi.StringArray{
				pulumi.String("string"),
			},
			ServiceAccount: pulumi.String("string"),
			ShieldedInstanceConfig: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs{
				EnableIntegrityMonitoring: pulumi.Bool(false),
				EnableSecureBoot:          pulumi.Bool(false),
			},
			UpgradeSettings: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs{
				BlueGreenSettings: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs{
					NodePoolSoakDuration: pulumi.String("string"),
					StandardRolloutPolicy: &container.ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs{
						BatchNodeCount:    pulumi.Int(0),
						BatchPercentage:   pulumi.Float64(0),
						BatchSoakDuration: pulumi.String("string"),
					},
				},
				MaxSurge:       pulumi.Int(0),
				MaxUnavailable: pulumi.Int(0),
				Strategy:       pulumi.String("string"),
			},
		},
		AutoProvisioningLocations: pulumi.StringArray{
			pulumi.String("string"),
		},
		AutoscalingProfile: pulumi.String("string"),
		Enabled:            pulumi.Bool(false),
		ResourceLimits: container.ClusterClusterAutoscalingResourceLimitArray{
			&container.ClusterClusterAutoscalingResourceLimitArgs{
				Maximum:      pulumi.Int(0),
				ResourceType: pulumi.String("string"),
				Minimum:      pulumi.Int(0),
			},
		},
	},
	ClusterIpv4Cidr: pulumi.String("string"),
	ClusterTelemetry: &container.ClusterClusterTelemetryArgs{
		Type: pulumi.String("string"),
	},
	ConfidentialNodes: &container.ClusterConfidentialNodesArgs{
		Enabled: pulumi.Bool(false),
	},
	ControlPlaneEndpointsConfig: &container.ClusterControlPlaneEndpointsConfigArgs{
		DnsEndpointConfig: &container.ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs{
			AllowExternalTraffic: pulumi.Bool(false),
			Endpoint:             pulumi.String("string"),
		},
	},
	CostManagementConfig: &container.ClusterCostManagementConfigArgs{
		Enabled: pulumi.Bool(false),
	},
	DatabaseEncryption: &container.ClusterDatabaseEncryptionArgs{
		State:   pulumi.String("string"),
		KeyName: pulumi.String("string"),
	},
	DatapathProvider:      pulumi.String("string"),
	DefaultMaxPodsPerNode: pulumi.Int(0),
	DefaultSnatStatus: &container.ClusterDefaultSnatStatusArgs{
		Disabled: pulumi.Bool(false),
	},
	DeletionProtection: pulumi.Bool(false),
	Description:        pulumi.String("string"),
	DnsConfig: &container.ClusterDnsConfigArgs{
		AdditiveVpcScopeDnsDomain: pulumi.String("string"),
		ClusterDns:                pulumi.String("string"),
		ClusterDnsDomain:          pulumi.String("string"),
		ClusterDnsScope:           pulumi.String("string"),
	},
	EnableAutopilot:                      pulumi.Bool(false),
	EnableCiliumClusterwideNetworkPolicy: pulumi.Bool(false),
	EnableFqdnNetworkPolicy:              pulumi.Bool(false),
	EnableIntranodeVisibility:            pulumi.Bool(false),
	EnableK8sBetaApis: &container.ClusterEnableK8sBetaApisArgs{
		EnabledApis: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	EnableKubernetesAlpha: pulumi.Bool(false),
	EnableL4IlbSubsetting: pulumi.Bool(false),
	EnableLegacyAbac:      pulumi.Bool(false),
	EnableMultiNetworking: pulumi.Bool(false),
	EnableShieldedNodes:   pulumi.Bool(false),
	EnableTpu:             pulumi.Bool(false),
	EnterpriseConfig: &container.ClusterEnterpriseConfigArgs{
		ClusterTier: pulumi.String("string"),
		DesiredTier: pulumi.String("string"),
	},
	Fleet: &container.ClusterFleetArgs{
		Membership:         pulumi.String("string"),
		MembershipId:       pulumi.String("string"),
		MembershipLocation: pulumi.String("string"),
		PreRegistered:      pulumi.Bool(false),
		Project:            pulumi.String("string"),
	},
	GatewayApiConfig: &container.ClusterGatewayApiConfigArgs{
		Channel: pulumi.String("string"),
	},
	IdentityServiceConfig: &container.ClusterIdentityServiceConfigArgs{
		Enabled: pulumi.Bool(false),
	},
	InitialNodeCount: pulumi.Int(0),
	IpAllocationPolicy: &container.ClusterIpAllocationPolicyArgs{
		AdditionalPodRangesConfig: &container.ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs{
			PodRangeNames: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		ClusterIpv4CidrBlock:      pulumi.String("string"),
		ClusterSecondaryRangeName: pulumi.String("string"),
		PodCidrOverprovisionConfig: &container.ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs{
			Disabled: pulumi.Bool(false),
		},
		ServicesIpv4CidrBlock:      pulumi.String("string"),
		ServicesSecondaryRangeName: pulumi.String("string"),
		StackType:                  pulumi.String("string"),
	},
	Location: pulumi.String("string"),
	LoggingConfig: &container.ClusterLoggingConfigArgs{
		EnableComponents: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	LoggingService: pulumi.String("string"),
	MaintenancePolicy: &container.ClusterMaintenancePolicyArgs{
		DailyMaintenanceWindow: &container.ClusterMaintenancePolicyDailyMaintenanceWindowArgs{
			StartTime: pulumi.String("string"),
			Duration:  pulumi.String("string"),
		},
		MaintenanceExclusions: container.ClusterMaintenancePolicyMaintenanceExclusionArray{
			&container.ClusterMaintenancePolicyMaintenanceExclusionArgs{
				EndTime:       pulumi.String("string"),
				ExclusionName: pulumi.String("string"),
				StartTime:     pulumi.String("string"),
				ExclusionOptions: &container.ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs{
					Scope: pulumi.String("string"),
				},
			},
		},
		RecurringWindow: &container.ClusterMaintenancePolicyRecurringWindowArgs{
			EndTime:    pulumi.String("string"),
			Recurrence: pulumi.String("string"),
			StartTime:  pulumi.String("string"),
		},
	},
	MasterAuth: &container.ClusterMasterAuthArgs{
		ClientCertificateConfig: &container.ClusterMasterAuthClientCertificateConfigArgs{
			IssueClientCertificate: pulumi.Bool(false),
		},
		ClientCertificate:    pulumi.String("string"),
		ClientKey:            pulumi.String("string"),
		ClusterCaCertificate: pulumi.String("string"),
	},
	MasterAuthorizedNetworksConfig: &container.ClusterMasterAuthorizedNetworksConfigArgs{
		CidrBlocks: container.ClusterMasterAuthorizedNetworksConfigCidrBlockArray{
			&container.ClusterMasterAuthorizedNetworksConfigCidrBlockArgs{
				CidrBlock:   pulumi.String("string"),
				DisplayName: pulumi.String("string"),
			},
		},
		GcpPublicCidrsAccessEnabled:       pulumi.Bool(false),
		PrivateEndpointEnforcementEnabled: pulumi.Bool(false),
	},
	MeshCertificates: &container.ClusterMeshCertificatesArgs{
		EnableCertificates: pulumi.Bool(false),
	},
	MinMasterVersion: pulumi.String("string"),
	MonitoringConfig: &container.ClusterMonitoringConfigArgs{
		AdvancedDatapathObservabilityConfig: &container.ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs{
			EnableMetrics: pulumi.Bool(false),
			EnableRelay:   pulumi.Bool(false),
		},
		EnableComponents: pulumi.StringArray{
			pulumi.String("string"),
		},
		ManagedPrometheus: &container.ClusterMonitoringConfigManagedPrometheusArgs{
			Enabled: pulumi.Bool(false),
			AutoMonitoringConfig: &container.ClusterMonitoringConfigManagedPrometheusAutoMonitoringConfigArgs{
				Scope: pulumi.String("string"),
			},
		},
	},
	MonitoringService: pulumi.String("string"),
	Name:              pulumi.String("string"),
	Network:           pulumi.String("string"),
	NetworkPolicy: &container.ClusterNetworkPolicyArgs{
		Enabled:  pulumi.Bool(false),
		Provider: pulumi.String("string"),
	},
	NetworkingMode: pulumi.String("string"),
	NodeConfig: &container.ClusterNodeConfigArgs{
		AdvancedMachineFeatures: &container.ClusterNodeConfigAdvancedMachineFeaturesArgs{
			ThreadsPerCore:             pulumi.Int(0),
			EnableNestedVirtualization: pulumi.Bool(false),
		},
		BootDiskKmsKey: pulumi.String("string"),
		ConfidentialNodes: &container.ClusterNodeConfigConfidentialNodesArgs{
			Enabled: pulumi.Bool(false),
		},
		ContainerdConfig: &container.ClusterNodeConfigContainerdConfigArgs{
			PrivateRegistryAccessConfig: &container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs{
				Enabled: pulumi.Bool(false),
				CertificateAuthorityDomainConfigs: container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArray{
					&container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs{
						Fqdns: pulumi.StringArray{
							pulumi.String("string"),
						},
						GcpSecretManagerCertificateConfig: &container.ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs{
							SecretUri: pulumi.String("string"),
						},
					},
				},
			},
		},
		DiskSizeGb: pulumi.Int(0),
		DiskType:   pulumi.String("string"),
		EffectiveTaints: container.ClusterNodeConfigEffectiveTaintArray{
			&container.ClusterNodeConfigEffectiveTaintArgs{
				Effect: pulumi.String("string"),
				Key:    pulumi.String("string"),
				Value:  pulumi.String("string"),
			},
		},
		EnableConfidentialStorage: pulumi.Bool(false),
		EphemeralStorageConfig: &container.ClusterNodeConfigEphemeralStorageConfigArgs{
			LocalSsdCount: pulumi.Int(0),
		},
		EphemeralStorageLocalSsdConfig: &container.ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs{
			LocalSsdCount: pulumi.Int(0),
		},
		FastSocket: &container.ClusterNodeConfigFastSocketArgs{
			Enabled: pulumi.Bool(false),
		},
		GcfsConfig: &container.ClusterNodeConfigGcfsConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		GuestAccelerators: container.ClusterNodeConfigGuestAcceleratorArray{
			&container.ClusterNodeConfigGuestAcceleratorArgs{
				Count: pulumi.Int(0),
				Type:  pulumi.String("string"),
				GpuDriverInstallationConfig: &container.ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs{
					GpuDriverVersion: pulumi.String("string"),
				},
				GpuPartitionSize: pulumi.String("string"),
				GpuSharingConfig: &container.ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs{
					GpuSharingStrategy:     pulumi.String("string"),
					MaxSharedClientsPerGpu: pulumi.Int(0),
				},
			},
		},
		Gvnic: &container.ClusterNodeConfigGvnicArgs{
			Enabled: pulumi.Bool(false),
		},
		HostMaintenancePolicy: &container.ClusterNodeConfigHostMaintenancePolicyArgs{
			MaintenanceInterval: pulumi.String("string"),
		},
		ImageType: pulumi.String("string"),
		KubeletConfig: &container.ClusterNodeConfigKubeletConfigArgs{
			AllowedUnsafeSysctls: pulumi.StringArray{
				pulumi.String("string"),
			},
			ContainerLogMaxFiles:               pulumi.Int(0),
			ContainerLogMaxSize:                pulumi.String("string"),
			CpuCfsQuota:                        pulumi.Bool(false),
			CpuCfsQuotaPeriod:                  pulumi.String("string"),
			CpuManagerPolicy:                   pulumi.String("string"),
			ImageGcHighThresholdPercent:        pulumi.Int(0),
			ImageGcLowThresholdPercent:         pulumi.Int(0),
			ImageMaximumGcAge:                  pulumi.String("string"),
			ImageMinimumGcAge:                  pulumi.String("string"),
			InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
			PodPidsLimit:                       pulumi.Int(0),
		},
		Labels: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		LinuxNodeConfig: &container.ClusterNodeConfigLinuxNodeConfigArgs{
			CgroupMode: pulumi.String("string"),
			HugepagesConfig: &container.ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs{
				HugepageSize1g: pulumi.Int(0),
				HugepageSize2m: pulumi.Int(0),
			},
			Sysctls: pulumi.StringMap{
				"string": pulumi.String("string"),
			},
		},
		LocalNvmeSsdBlockConfig: &container.ClusterNodeConfigLocalNvmeSsdBlockConfigArgs{
			LocalSsdCount: pulumi.Int(0),
		},
		LocalSsdCount:          pulumi.Int(0),
		LocalSsdEncryptionMode: pulumi.String("string"),
		LoggingVariant:         pulumi.String("string"),
		MachineType:            pulumi.String("string"),
		MaxRunDuration:         pulumi.String("string"),
		Metadata: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		MinCpuPlatform: pulumi.String("string"),
		NodeGroup:      pulumi.String("string"),
		OauthScopes: pulumi.StringArray{
			pulumi.String("string"),
		},
		Preemptible: pulumi.Bool(false),
		ReservationAffinity: &container.ClusterNodeConfigReservationAffinityArgs{
			ConsumeReservationType: pulumi.String("string"),
			Key:                    pulumi.String("string"),
			Values: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		ResourceLabels: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		ResourceManagerTags: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		SandboxConfig: &container.ClusterNodeConfigSandboxConfigArgs{
			SandboxType: pulumi.String("string"),
		},
		SecondaryBootDisks: container.ClusterNodeConfigSecondaryBootDiskArray{
			&container.ClusterNodeConfigSecondaryBootDiskArgs{
				DiskImage: pulumi.String("string"),
				Mode:      pulumi.String("string"),
			},
		},
		ServiceAccount: pulumi.String("string"),
		ShieldedInstanceConfig: &container.ClusterNodeConfigShieldedInstanceConfigArgs{
			EnableIntegrityMonitoring: pulumi.Bool(false),
			EnableSecureBoot:          pulumi.Bool(false),
		},
		SoleTenantConfig: &container.ClusterNodeConfigSoleTenantConfigArgs{
			NodeAffinities: container.ClusterNodeConfigSoleTenantConfigNodeAffinityArray{
				&container.ClusterNodeConfigSoleTenantConfigNodeAffinityArgs{
					Key:      pulumi.String("string"),
					Operator: pulumi.String("string"),
					Values: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
		Spot: pulumi.Bool(false),
		StoragePools: pulumi.StringArray{
			pulumi.String("string"),
		},
		Tags: pulumi.StringArray{
			pulumi.String("string"),
		},
		Taints: container.ClusterNodeConfigTaintArray{
			&container.ClusterNodeConfigTaintArgs{
				Effect: pulumi.String("string"),
				Key:    pulumi.String("string"),
				Value:  pulumi.String("string"),
			},
		},
		WorkloadMetadataConfig: &container.ClusterNodeConfigWorkloadMetadataConfigArgs{
			Mode: pulumi.String("string"),
		},
	},
	NodeLocations: pulumi.StringArray{
		pulumi.String("string"),
	},
	NodePoolAutoConfig: &container.ClusterNodePoolAutoConfigArgs{
		LinuxNodeConfig: &container.ClusterNodePoolAutoConfigLinuxNodeConfigArgs{
			CgroupMode: pulumi.String("string"),
		},
		NetworkTags: &container.ClusterNodePoolAutoConfigNetworkTagsArgs{
			Tags: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		NodeKubeletConfig: &container.ClusterNodePoolAutoConfigNodeKubeletConfigArgs{
			InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
		},
		ResourceManagerTags: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
	},
	NodePoolDefaults: &container.ClusterNodePoolDefaultsArgs{
		NodeConfigDefaults: &container.ClusterNodePoolDefaultsNodeConfigDefaultsArgs{
			ContainerdConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs{
				PrivateRegistryAccessConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs{
					Enabled: pulumi.Bool(false),
					CertificateAuthorityDomainConfigs: container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArray{
						&container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs{
							Fqdns: pulumi.StringArray{
								pulumi.String("string"),
							},
							GcpSecretManagerCertificateConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs{
								SecretUri: pulumi.String("string"),
							},
						},
					},
				},
			},
			GcfsConfig: &container.ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs{
				Enabled: pulumi.Bool(false),
			},
			InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
			LoggingVariant:                     pulumi.String("string"),
		},
	},
	NodePools: container.ClusterNodePoolArray{
		&container.ClusterNodePoolArgs{
			Autoscaling: &container.ClusterNodePoolAutoscalingArgs{
				LocationPolicy:    pulumi.String("string"),
				MaxNodeCount:      pulumi.Int(0),
				MinNodeCount:      pulumi.Int(0),
				TotalMaxNodeCount: pulumi.Int(0),
				TotalMinNodeCount: pulumi.Int(0),
			},
			InitialNodeCount: pulumi.Int(0),
			InstanceGroupUrls: pulumi.StringArray{
				pulumi.String("string"),
			},
			ManagedInstanceGroupUrls: pulumi.StringArray{
				pulumi.String("string"),
			},
			Management: &container.ClusterNodePoolManagementArgs{
				AutoRepair:  pulumi.Bool(false),
				AutoUpgrade: pulumi.Bool(false),
			},
			MaxPodsPerNode: pulumi.Int(0),
			Name:           pulumi.String("string"),
			NamePrefix:     pulumi.String("string"),
			NetworkConfig: &container.ClusterNodePoolNetworkConfigArgs{
				AdditionalNodeNetworkConfigs: container.ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArray{
					&container.ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs{
						Network:    pulumi.String("string"),
						Subnetwork: pulumi.String("string"),
					},
				},
				AdditionalPodNetworkConfigs: container.ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArray{
					&container.ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs{
						MaxPodsPerNode:    pulumi.Int(0),
						SecondaryPodRange: pulumi.String("string"),
						Subnetwork:        pulumi.String("string"),
					},
				},
				CreatePodRange:     pulumi.Bool(false),
				EnablePrivateNodes: pulumi.Bool(false),
				NetworkPerformanceConfig: &container.ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs{
					TotalEgressBandwidthTier: pulumi.String("string"),
				},
				PodCidrOverprovisionConfig: &container.ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs{
					Disabled: pulumi.Bool(false),
				},
				PodIpv4CidrBlock: pulumi.String("string"),
				PodRange:         pulumi.String("string"),
			},
			NodeConfig: &container.ClusterNodePoolNodeConfigArgs{
				AdvancedMachineFeatures: &container.ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs{
					ThreadsPerCore:             pulumi.Int(0),
					EnableNestedVirtualization: pulumi.Bool(false),
				},
				BootDiskKmsKey: pulumi.String("string"),
				ConfidentialNodes: &container.ClusterNodePoolNodeConfigConfidentialNodesArgs{
					Enabled: pulumi.Bool(false),
				},
				ContainerdConfig: &container.ClusterNodePoolNodeConfigContainerdConfigArgs{
					PrivateRegistryAccessConfig: &container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs{
						Enabled: pulumi.Bool(false),
						CertificateAuthorityDomainConfigs: container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArray{
							&container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs{
								Fqdns: pulumi.StringArray{
									pulumi.String("string"),
								},
								GcpSecretManagerCertificateConfig: &container.ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs{
									SecretUri: pulumi.String("string"),
								},
							},
						},
					},
				},
				DiskSizeGb: pulumi.Int(0),
				DiskType:   pulumi.String("string"),
				EffectiveTaints: container.ClusterNodePoolNodeConfigEffectiveTaintArray{
					&container.ClusterNodePoolNodeConfigEffectiveTaintArgs{
						Effect: pulumi.String("string"),
						Key:    pulumi.String("string"),
						Value:  pulumi.String("string"),
					},
				},
				EnableConfidentialStorage: pulumi.Bool(false),
				EphemeralStorageConfig: &container.ClusterNodePoolNodeConfigEphemeralStorageConfigArgs{
					LocalSsdCount: pulumi.Int(0),
				},
				EphemeralStorageLocalSsdConfig: &container.ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs{
					LocalSsdCount: pulumi.Int(0),
				},
				FastSocket: &container.ClusterNodePoolNodeConfigFastSocketArgs{
					Enabled: pulumi.Bool(false),
				},
				GcfsConfig: &container.ClusterNodePoolNodeConfigGcfsConfigArgs{
					Enabled: pulumi.Bool(false),
				},
				GuestAccelerators: container.ClusterNodePoolNodeConfigGuestAcceleratorArray{
					&container.ClusterNodePoolNodeConfigGuestAcceleratorArgs{
						Count: pulumi.Int(0),
						Type:  pulumi.String("string"),
						GpuDriverInstallationConfig: &container.ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs{
							GpuDriverVersion: pulumi.String("string"),
						},
						GpuPartitionSize: pulumi.String("string"),
						GpuSharingConfig: &container.ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs{
							GpuSharingStrategy:     pulumi.String("string"),
							MaxSharedClientsPerGpu: pulumi.Int(0),
						},
					},
				},
				Gvnic: &container.ClusterNodePoolNodeConfigGvnicArgs{
					Enabled: pulumi.Bool(false),
				},
				HostMaintenancePolicy: &container.ClusterNodePoolNodeConfigHostMaintenancePolicyArgs{
					MaintenanceInterval: pulumi.String("string"),
				},
				ImageType: pulumi.String("string"),
				KubeletConfig: &container.ClusterNodePoolNodeConfigKubeletConfigArgs{
					AllowedUnsafeSysctls: pulumi.StringArray{
						pulumi.String("string"),
					},
					ContainerLogMaxFiles:               pulumi.Int(0),
					ContainerLogMaxSize:                pulumi.String("string"),
					CpuCfsQuota:                        pulumi.Bool(false),
					CpuCfsQuotaPeriod:                  pulumi.String("string"),
					CpuManagerPolicy:                   pulumi.String("string"),
					ImageGcHighThresholdPercent:        pulumi.Int(0),
					ImageGcLowThresholdPercent:         pulumi.Int(0),
					ImageMaximumGcAge:                  pulumi.String("string"),
					ImageMinimumGcAge:                  pulumi.String("string"),
					InsecureKubeletReadonlyPortEnabled: pulumi.String("string"),
					PodPidsLimit:                       pulumi.Int(0),
				},
				Labels: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				LinuxNodeConfig: &container.ClusterNodePoolNodeConfigLinuxNodeConfigArgs{
					CgroupMode: pulumi.String("string"),
					HugepagesConfig: &container.ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs{
						HugepageSize1g: pulumi.Int(0),
						HugepageSize2m: pulumi.Int(0),
					},
					Sysctls: pulumi.StringMap{
						"string": pulumi.String("string"),
					},
				},
				LocalNvmeSsdBlockConfig: &container.ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs{
					LocalSsdCount: pulumi.Int(0),
				},
				LocalSsdCount:          pulumi.Int(0),
				LocalSsdEncryptionMode: pulumi.String("string"),
				LoggingVariant:         pulumi.String("string"),
				MachineType:            pulumi.String("string"),
				MaxRunDuration:         pulumi.String("string"),
				Metadata: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				MinCpuPlatform: pulumi.String("string"),
				NodeGroup:      pulumi.String("string"),
				OauthScopes: pulumi.StringArray{
					pulumi.String("string"),
				},
				Preemptible: pulumi.Bool(false),
				ReservationAffinity: &container.ClusterNodePoolNodeConfigReservationAffinityArgs{
					ConsumeReservationType: pulumi.String("string"),
					Key:                    pulumi.String("string"),
					Values: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
				ResourceLabels: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				ResourceManagerTags: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				SandboxConfig: &container.ClusterNodePoolNodeConfigSandboxConfigArgs{
					SandboxType: pulumi.String("string"),
				},
				SecondaryBootDisks: container.ClusterNodePoolNodeConfigSecondaryBootDiskArray{
					&container.ClusterNodePoolNodeConfigSecondaryBootDiskArgs{
						DiskImage: pulumi.String("string"),
						Mode:      pulumi.String("string"),
					},
				},
				ServiceAccount: pulumi.String("string"),
				ShieldedInstanceConfig: &container.ClusterNodePoolNodeConfigShieldedInstanceConfigArgs{
					EnableIntegrityMonitoring: pulumi.Bool(false),
					EnableSecureBoot:          pulumi.Bool(false),
				},
				SoleTenantConfig: &container.ClusterNodePoolNodeConfigSoleTenantConfigArgs{
					NodeAffinities: container.ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArray{
						&container.ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs{
							Key:      pulumi.String("string"),
							Operator: pulumi.String("string"),
							Values: pulumi.StringArray{
								pulumi.String("string"),
							},
						},
					},
				},
				Spot: pulumi.Bool(false),
				StoragePools: pulumi.StringArray{
					pulumi.String("string"),
				},
				Tags: pulumi.StringArray{
					pulumi.String("string"),
				},
				Taints: container.ClusterNodePoolNodeConfigTaintArray{
					&container.ClusterNodePoolNodeConfigTaintArgs{
						Effect: pulumi.String("string"),
						Key:    pulumi.String("string"),
						Value:  pulumi.String("string"),
					},
				},
				WorkloadMetadataConfig: &container.ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs{
					Mode: pulumi.String("string"),
				},
			},
			NodeCount: pulumi.Int(0),
			NodeLocations: pulumi.StringArray{
				pulumi.String("string"),
			},
			PlacementPolicy: &container.ClusterNodePoolPlacementPolicyArgs{
				Type:        pulumi.String("string"),
				PolicyName:  pulumi.String("string"),
				TpuTopology: pulumi.String("string"),
			},
			QueuedProvisioning: &container.ClusterNodePoolQueuedProvisioningArgs{
				Enabled: pulumi.Bool(false),
			},
			UpgradeSettings: &container.ClusterNodePoolUpgradeSettingsArgs{
				BlueGreenSettings: &container.ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs{
					StandardRolloutPolicy: &container.ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs{
						BatchNodeCount:    pulumi.Int(0),
						BatchPercentage:   pulumi.Float64(0),
						BatchSoakDuration: pulumi.String("string"),
					},
					NodePoolSoakDuration: pulumi.String("string"),
				},
				MaxSurge:       pulumi.Int(0),
				MaxUnavailable: pulumi.Int(0),
				Strategy:       pulumi.String("string"),
			},
			Version: pulumi.String("string"),
		},
	},
	NodeVersion: pulumi.String("string"),
	NotificationConfig: &container.ClusterNotificationConfigArgs{
		Pubsub: &container.ClusterNotificationConfigPubsubArgs{
			Enabled: pulumi.Bool(false),
			Filter: &container.ClusterNotificationConfigPubsubFilterArgs{
				EventTypes: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			Topic: pulumi.String("string"),
		},
	},
	PodSecurityPolicyConfig: &container.ClusterPodSecurityPolicyConfigArgs{
		Enabled: pulumi.Bool(false),
	},
	PrivateClusterConfig: &container.ClusterPrivateClusterConfigArgs{
		EnablePrivateEndpoint: pulumi.Bool(false),
		EnablePrivateNodes:    pulumi.Bool(false),
		MasterGlobalAccessConfig: &container.ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs{
			Enabled: pulumi.Bool(false),
		},
		MasterIpv4CidrBlock:       pulumi.String("string"),
		PeeringName:               pulumi.String("string"),
		PrivateEndpoint:           pulumi.String("string"),
		PrivateEndpointSubnetwork: pulumi.String("string"),
		PublicEndpoint:            pulumi.String("string"),
	},
	PrivateIpv6GoogleAccess: pulumi.String("string"),
	Project:                 pulumi.String("string"),
	ProtectConfig: &container.ClusterProtectConfigArgs{
		WorkloadConfig: &container.ClusterProtectConfigWorkloadConfigArgs{
			AuditMode: pulumi.String("string"),
		},
		WorkloadVulnerabilityMode: pulumi.String("string"),
	},
	ReleaseChannel: &container.ClusterReleaseChannelArgs{
		Channel: pulumi.String("string"),
	},
	RemoveDefaultNodePool: pulumi.Bool(false),
	ResourceLabels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ResourceUsageExportConfig: &container.ClusterResourceUsageExportConfigArgs{
		BigqueryDestination: &container.ClusterResourceUsageExportConfigBigqueryDestinationArgs{
			DatasetId: pulumi.String("string"),
		},
		EnableNetworkEgressMetering:       pulumi.Bool(false),
		EnableResourceConsumptionMetering: pulumi.Bool(false),
	},
	SecretManagerConfig: &container.ClusterSecretManagerConfigArgs{
		Enabled: pulumi.Bool(false),
	},
	SecurityPostureConfig: &container.ClusterSecurityPostureConfigArgs{
		Mode:              pulumi.String("string"),
		VulnerabilityMode: pulumi.String("string"),
	},
	ServiceExternalIpsConfig: &container.ClusterServiceExternalIpsConfigArgs{
		Enabled: pulumi.Bool(false),
	},
	Subnetwork: pulumi.String("string"),
	TpuConfig: &container.ClusterTpuConfigArgs{
		Enabled:              pulumi.Bool(false),
		Ipv4CidrBlock:        pulumi.String("string"),
		UseServiceNetworking: pulumi.Bool(false),
	},
	UserManagedKeysConfig: &container.ClusterUserManagedKeysConfigArgs{
		AggregationCa:                 pulumi.String("string"),
		ClusterCa:                     pulumi.String("string"),
		ControlPlaneDiskEncryptionKey: pulumi.String("string"),
		EtcdApiCa:                     pulumi.String("string"),
		EtcdPeerCa:                    pulumi.String("string"),
		GkeopsEtcdBackupEncryptionKey: pulumi.String("string"),
		ServiceAccountSigningKeys: pulumi.StringArray{
			pulumi.String("string"),
		},
		ServiceAccountVerificationKeys: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	VerticalPodAutoscaling: &container.ClusterVerticalPodAutoscalingArgs{
		Enabled: pulumi.Bool(false),
	},
	WorkloadAltsConfig: &container.ClusterWorkloadAltsConfigArgs{
		EnableAlts: pulumi.Bool(false),
	},
	WorkloadIdentityConfig: &container.ClusterWorkloadIdentityConfigArgs{
		WorkloadPool: pulumi.String("string"),
	},
})
// Reference skeleton: constructs a Cluster named "gcpClusterResource" with the ClusterArgs
// inputs filled in by type placeholders ("string", false, 0). The values show the shape of
// each input only; they are not defaults or recommendations. Several security controls
// below read `false` purely because that is the boolean placeholder, so review each one
// before reusing any part of this listing.
var gcpClusterResource = new Cluster("gcpClusterResource", ClusterArgs.builder()
    .addonsConfig(ClusterAddonsConfigArgs.builder()
        .cloudrunConfig(ClusterAddonsConfigCloudrunConfigArgs.builder()
            .disabled(false)
            .loadBalancerType("string")
            .build())
        .configConnectorConfig(ClusterAddonsConfigConfigConnectorConfigArgs.builder()
            .enabled(false)
            .build())
        .dnsCacheConfig(ClusterAddonsConfigDnsCacheConfigArgs.builder()
            .enabled(false)
            .build())
        .gcePersistentDiskCsiDriverConfig(ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs.builder()
            .enabled(false)
            .build())
        .gcpFilestoreCsiDriverConfig(ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs.builder()
            .enabled(false)
            .build())
        .gcsFuseCsiDriverConfig(ClusterAddonsConfigGcsFuseCsiDriverConfigArgs.builder()
            .enabled(false)
            .build())
        .gkeBackupAgentConfig(ClusterAddonsConfigGkeBackupAgentConfigArgs.builder()
            .enabled(false)
            .build())
        .horizontalPodAutoscaling(ClusterAddonsConfigHorizontalPodAutoscalingArgs.builder()
            .disabled(false)
            .build())
        .httpLoadBalancing(ClusterAddonsConfigHttpLoadBalancingArgs.builder()
            .disabled(false)
            .build())
        .istioConfig(ClusterAddonsConfigIstioConfigArgs.builder()
            .disabled(false)
            .auth("string")
            .build())
        .kalmConfig(ClusterAddonsConfigKalmConfigArgs.builder()
            .enabled(false)
            .build())
        .networkPolicyConfig(ClusterAddonsConfigNetworkPolicyConfigArgs.builder()
            .disabled(false)
            .build())
        .parallelstoreCsiDriverConfig(ClusterAddonsConfigParallelstoreCsiDriverConfigArgs.builder()
            .enabled(false)
            .build())
        .rayOperatorConfigs(ClusterAddonsConfigRayOperatorConfigArgs.builder()
            .enabled(false)
            .rayClusterLoggingConfig(ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs.builder()
                .enabled(false)
                .build())
            .rayClusterMonitoringConfig(ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs.builder()
                .enabled(false)
                .build())
            .build())
        .statefulHaConfig(ClusterAddonsConfigStatefulHaConfigArgs.builder()
            .enabled(false)
            .build())
        .build())
    .allowNetAdmin(false)
    .authenticatorGroupsConfig(ClusterAuthenticatorGroupsConfigArgs.builder()
        .securityGroup("string")
        .build())
    // NOTE(review): evaluationMode is a free-form string here; presumably it selects how
    // Binary Authorization policy is enforced at deploy time. Confirm the accepted values.
    .binaryAuthorization(ClusterBinaryAuthorizationArgs.builder()
        .evaluationMode("string")
        .build())
    .clusterAutoscaling(ClusterClusterAutoscalingArgs.builder()
        .autoProvisioningDefaults(ClusterClusterAutoscalingAutoProvisioningDefaultsArgs.builder()
            .bootDiskKmsKey("string")
            .diskSize(0)
            .diskType("string")
            .imageType("string")
            .management(ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs.builder()
                .autoRepair(false)
                .autoUpgrade(false)
                .upgradeOptions(ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs.builder()
                    .autoUpgradeStartTime("string")
                    .description("string")
                    .build())
                .build())
            .minCpuPlatform("string")
            // Identity and API scopes given to auto-provisioned nodes.
            // NOTE(review): prefer a dedicated least-privilege service account; confirm
            // what the provider falls back to when serviceAccount is left unset.
            .oauthScopes("string")
            .serviceAccount("string")
            // Placeholder values: as written this passes false for both integrity
            // monitoring and secure boot on auto-provisioned nodes.
            .shieldedInstanceConfig(ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs.builder()
                .enableIntegrityMonitoring(false)
                .enableSecureBoot(false)
                .build())
            .upgradeSettings(ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs.builder()
                .blueGreenSettings(ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs.builder()
                    .nodePoolSoakDuration("string")
                    .standardRolloutPolicy(ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs.builder()
                        .batchNodeCount(0)
                        .batchPercentage(0)
                        .batchSoakDuration("string")
                        .build())
                    .build())
                .maxSurge(0)
                .maxUnavailable(0)
                .strategy("string")
                .build())
            .build())
        .autoProvisioningLocations("string")
        .autoscalingProfile("string")
        .enabled(false)
        .resourceLimits(ClusterClusterAutoscalingResourceLimitArgs.builder()
            .maximum(0)
            .resourceType("string")
            .minimum(0)
            .build())
        .build())
    .clusterIpv4Cidr("string")
    .clusterTelemetry(ClusterClusterTelemetryArgs.builder()
        .type("string")
        .build())
    .confidentialNodes(ClusterConfidentialNodesArgs.builder()
        .enabled(false)
        .build())
    // NOTE(review): allowExternalTraffic presumably governs whether the DNS-based control
    // plane endpoint is reachable from outside Google Cloud. Confirm before enabling.
    .controlPlaneEndpointsConfig(ClusterControlPlaneEndpointsConfigArgs.builder()
        .dnsEndpointConfig(ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs.builder()
            .allowExternalTraffic(false)
            .endpoint("string")
            .build())
        .build())
    .costManagementConfig(ClusterCostManagementConfigArgs.builder()
        .enabled(false)
        .build())
    // NOTE(review): presumably state/keyName select application-layer encryption of
    // Kubernetes Secrets with a Cloud KMS key. Confirm the accepted state values.
    .databaseEncryption(ClusterDatabaseEncryptionArgs.builder()
        .state("string")
        .keyName("string")
        .build())
    .datapathProvider("string")
    .defaultMaxPodsPerNode(0)
    .defaultSnatStatus(ClusterDefaultSnatStatusArgs.builder()
        .disabled(false)
        .build())
    // On provider 5.0.0+ this must be explicitly false, and applied to state, before the
    // cluster can be destroyed. A cluster left at false has no guard against deletion.
    .deletionProtection(false)
    .description("string")
    .dnsConfig(ClusterDnsConfigArgs.builder()
        .additiveVpcScopeDnsDomain("string")
        .clusterDns("string")
        .clusterDnsDomain("string")
        .clusterDnsScope("string")
        .build())
    .enableAutopilot(false)
    .enableCiliumClusterwideNetworkPolicy(false)
    .enableFqdnNetworkPolicy(false)
    .enableIntranodeVisibility(false)
    .enableK8sBetaApis(ClusterEnableK8sBetaApisArgs.builder()
        .enabledApis("string")
        .build())
    .enableKubernetesAlpha(false)
    .enableL4IlbSubsetting(false)
    // NOTE(review): keep legacy ABAC off so authorization is decided by RBAC and IAM.
    // Confirm against current GKE hardening guidance.
    .enableLegacyAbac(false)
    .enableMultiNetworking(false)
    // Placeholder value: false here is not a recommendation to run without Shielded Nodes.
    .enableShieldedNodes(false)
    .enableTpu(false)
    .enterpriseConfig(ClusterEnterpriseConfigArgs.builder()
        .clusterTier("string")
        .desiredTier("string")
        .build())
    .fleet(ClusterFleetArgs.builder()
        .membership("string")
        .membershipId("string")
        .membershipLocation("string")
        .preRegistered(false)
        .project("string")
        .build())
    .gatewayApiConfig(ClusterGatewayApiConfigArgs.builder()
        .channel("string")
        .build())
    .identityServiceConfig(ClusterIdentityServiceConfigArgs.builder()
        .enabled(false)
        .build())
    .initialNodeCount(0)
    .ipAllocationPolicy(ClusterIpAllocationPolicyArgs.builder()
        .additionalPodRangesConfig(ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs.builder()
            .podRangeNames("string")
            .build())
        .clusterIpv4CidrBlock("string")
        .clusterSecondaryRangeName("string")
        .podCidrOverprovisionConfig(ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs.builder()
            .disabled(false)
            .build())
        .servicesIpv4CidrBlock("string")
        .servicesSecondaryRangeName("string")
        .stackType("string")
        .build())
    .location("string")
    .loggingConfig(ClusterLoggingConfigArgs.builder()
        .enableComponents("string")
        .build())
    .loggingService("string")
    .maintenancePolicy(ClusterMaintenancePolicyArgs.builder()
        .dailyMaintenanceWindow(ClusterMaintenancePolicyDailyMaintenanceWindowArgs.builder()
            .startTime("string")
            .duration("string")
            .build())
        .maintenanceExclusions(ClusterMaintenancePolicyMaintenanceExclusionArgs.builder()
            .endTime("string")
            .exclusionName("string")
            .startTime("string")
            .exclusionOptions(ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs.builder()
                .scope("string")
                .build())
            .build())
        .recurringWindow(ClusterMaintenancePolicyRecurringWindowArgs.builder()
            .endTime("string")
            .recurrence("string")
            .startTime("string")
            .build())
        .build())
    // clientKey and the certificate fields are credential material. This page states that
    // all arguments and attributes, including certificate outputs, are stored in the raw
    // state as plaintext, so the state backend needs the same protection as the keys.
    // issueClientCertificate(false) passes false, i.e. no client certificate is requested.
    .masterAuth(ClusterMasterAuthArgs.builder()
        .clientCertificateConfig(ClusterMasterAuthClientCertificateConfigArgs.builder()
            .issueClientCertificate(false)
            .build())
        .clientCertificate("string")
        .clientKey("string")
        .clusterCaCertificate("string")
        .build())
    // NOTE(review): cidrBlocks presumably lists the source ranges allowed to reach the
    // control plane endpoint. Keep them as narrow as possible and avoid 0.0.0.0/0.
    .masterAuthorizedNetworksConfig(ClusterMasterAuthorizedNetworksConfigArgs.builder()
        .cidrBlocks(ClusterMasterAuthorizedNetworksConfigCidrBlockArgs.builder()
            .cidrBlock("string")
            .displayName("string")
            .build())
        .gcpPublicCidrsAccessEnabled(false)
        .privateEndpointEnforcementEnabled(false)
        .build())
    .meshCertificates(ClusterMeshCertificatesArgs.builder()
        .enableCertificates(false)
        .build())
    .minMasterVersion("string")
    .monitoringConfig(ClusterMonitoringConfigArgs.builder()
        .advancedDatapathObservabilityConfig(ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs.builder()
            .enableMetrics(false)
            .enableRelay(false)
            .build())
        .enableComponents("string")
        .managedPrometheus(ClusterMonitoringConfigManagedPrometheusArgs.builder()
            .enabled(false)
            .autoMonitoringConfig(ClusterMonitoringConfigManagedPrometheusAutoMonitoringConfigArgs.builder()
                .scope("string")
                .build())
            .build())
        .build())
    .monitoringService("string")
    .name("string")
    .network("string")
    .networkPolicy(ClusterNetworkPolicyArgs.builder()
        .enabled(false)
        .provider("string")
        .build())
    .networkingMode("string")
    .nodeConfig(ClusterNodeConfigArgs.builder()
        .advancedMachineFeatures(ClusterNodeConfigAdvancedMachineFeaturesArgs.builder()
            .threadsPerCore(0)
            .enableNestedVirtualization(false)
            .build())
        .bootDiskKmsKey("string")
        .confidentialNodes(ClusterNodeConfigConfidentialNodesArgs.builder()
            .enabled(false)
            .build())
        .containerdConfig(ClusterNodeConfigContainerdConfigArgs.builder()
            .privateRegistryAccessConfig(ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs.builder()
                .enabled(false)
                .certificateAuthorityDomainConfigs(ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs.builder()
                    .fqdns("string")
                    .gcpSecretManagerCertificateConfig(ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs.builder()
                        .secretUri("string")
                        .build())
                    .build())
                .build())
            .build())
        .diskSizeGb(0)
        .diskType("string")
        .effectiveTaints(ClusterNodeConfigEffectiveTaintArgs.builder()
            .effect("string")
            .key("string")
            .value("string")
            .build())
        .enableConfidentialStorage(false)
        .ephemeralStorageConfig(ClusterNodeConfigEphemeralStorageConfigArgs.builder()
            .localSsdCount(0)
            .build())
        .ephemeralStorageLocalSsdConfig(ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs.builder()
            .localSsdCount(0)
            .build())
        .fastSocket(ClusterNodeConfigFastSocketArgs.builder()
            .enabled(false)
            .build())
        .gcfsConfig(ClusterNodeConfigGcfsConfigArgs.builder()
            .enabled(false)
            .build())
        .guestAccelerators(ClusterNodeConfigGuestAcceleratorArgs.builder()
            .count(0)
            .type("string")
            .gpuDriverInstallationConfig(ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs.builder()
                .gpuDriverVersion("string")
                .build())
            .gpuPartitionSize("string")
            .gpuSharingConfig(ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs.builder()
                .gpuSharingStrategy("string")
                .maxSharedClientsPerGpu(0)
                .build())
            .build())
        .gvnic(ClusterNodeConfigGvnicArgs.builder()
            .enabled(false)
            .build())
        .hostMaintenancePolicy(ClusterNodeConfigHostMaintenancePolicyArgs.builder()
            .maintenanceInterval("string")
            .build())
        .imageType("string")
        .kubeletConfig(ClusterNodeConfigKubeletConfigArgs.builder()
            .allowedUnsafeSysctls("string")
            .containerLogMaxFiles(0)
            .containerLogMaxSize("string")
            .cpuCfsQuota(false)
            .cpuCfsQuotaPeriod("string")
            .cpuManagerPolicy("string")
            .imageGcHighThresholdPercent(0)
            .imageGcLowThresholdPercent(0)
            .imageMaximumGcAge("string")
            .imageMinimumGcAge("string")
            // Takes a string, not a boolean (note the "string" placeholder).
            // NOTE(review): presumably "TRUE"/"FALSE". The kubelet read-only port serves
            // node and pod data without authentication, so this should normally be
            // "FALSE". Confirm the accepted values against the provider docs.
            .insecureKubeletReadonlyPortEnabled("string")
            .podPidsLimit(0)
            .build())
        .labels(Map.of("string", "string"))
        .linuxNodeConfig(ClusterNodeConfigLinuxNodeConfigArgs.builder()
            .cgroupMode("string")
            .hugepagesConfig(ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs.builder()
                .hugepageSize1g(0)
                .hugepageSize2m(0)
                .build())
            .sysctls(Map.of("string", "string"))
            .build())
        .localNvmeSsdBlockConfig(ClusterNodeConfigLocalNvmeSsdBlockConfigArgs.builder()
            .localSsdCount(0)
            .build())
        .localSsdCount(0)
        .localSsdEncryptionMode("string")
        .loggingVariant("string")
        .machineType("string")
        .maxRunDuration("string")
        .metadata(Map.of("string", "string"))
        .minCpuPlatform("string")
        .nodeGroup("string")
        // NOTE(review): scopes bound what the node service account's token can call;
        // pair narrow scopes with a least-privilege serviceAccount (set further down).
        .oauthScopes("string")
        .preemptible(false)
        .reservationAffinity(ClusterNodeConfigReservationAffinityArgs.builder()
            .consumeReservationType("string")
            .key("string")
            .values("string")
            .build())
        .resourceLabels(Map.of("string", "string"))
        .resourceManagerTags(Map.of("string", "string"))
        .sandboxConfig(ClusterNodeConfigSandboxConfigArgs.builder()
            .sandboxType("string")
            .build())
        .secondaryBootDisks(ClusterNodeConfigSecondaryBootDiskArgs.builder()
            .diskImage("string")
            .mode("string")
            .build())
        .serviceAccount("string")
        // Placeholder values: as written this passes false for both integrity
        // monitoring and secure boot on these nodes.
        .shieldedInstanceConfig(ClusterNodeConfigShieldedInstanceConfigArgs.builder()
            .enableIntegrityMonitoring(false)
            .enableSecureBoot(false)
            .build())
        .soleTenantConfig(ClusterNodeConfigSoleTenantConfigArgs.builder()
            .nodeAffinities(ClusterNodeConfigSoleTenantConfigNodeAffinityArgs.builder()
                .key("string")
                .operator("string")
                .values("string")
                .build())
            .build())
        .spot(false)
        .storagePools("string")
        .tags("string")
        .taints(ClusterNodeConfigTaintArgs.builder()
            .effect("string")
            .key("string")
            .value("string")
            .build())
        // NOTE(review): mode presumably controls how much of the node's metadata server
        // is exposed to pods (GKE_METADATA being the Workload Identity setting).
        // Confirm the accepted values.
        .workloadMetadataConfig(ClusterNodeConfigWorkloadMetadataConfigArgs.builder()
            .mode("string")
            .build())
        .build())
    .nodeLocations("string")
    .nodePoolAutoConfig(ClusterNodePoolAutoConfigArgs.builder()
        .linuxNodeConfig(ClusterNodePoolAutoConfigLinuxNodeConfigArgs.builder()
            .cgroupMode("string")
            .build())
        .networkTags(ClusterNodePoolAutoConfigNetworkTagsArgs.builder()
            .tags("string")
            .build())
        .nodeKubeletConfig(ClusterNodePoolAutoConfigNodeKubeletConfigArgs.builder()
            // String-typed; see the note on kubeletConfig above (normally "FALSE").
            .insecureKubeletReadonlyPortEnabled("string")
            .build())
        .resourceManagerTags(Map.of("string", "string"))
        .build())
    .nodePoolDefaults(ClusterNodePoolDefaultsArgs.builder()
        .nodeConfigDefaults(ClusterNodePoolDefaultsNodeConfigDefaultsArgs.builder()
            .containerdConfig(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs.builder()
                .privateRegistryAccessConfig(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs.builder()
                    .enabled(false)
                    .certificateAuthorityDomainConfigs(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs.builder()
                        .fqdns("string")
                        .gcpSecretManagerCertificateConfig(ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs.builder()
                            .secretUri("string")
                            .build())
                        .build())
                    .build())
                .build())
            .gcfsConfig(ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs.builder()
                .enabled(false)
                .build())
            // String-typed; see the note on kubeletConfig above (normally "FALSE").
            .insecureKubeletReadonlyPortEnabled("string")
            .loggingVariant("string")
            .build())
        .build())
    // Inline node pool definition. The usage example this page labels "Recommended"
    // instead manages node pools as separate NodePool resources.
    .nodePools(ClusterNodePoolArgs.builder()
        .autoscaling(ClusterNodePoolAutoscalingArgs.builder()
            .locationPolicy("string")
            .maxNodeCount(0)
            .minNodeCount(0)
            .totalMaxNodeCount(0)
            .totalMinNodeCount(0)
            .build())
        .initialNodeCount(0)
        .instanceGroupUrls("string")
        .managedInstanceGroupUrls("string")
        .management(ClusterNodePoolManagementArgs.builder()
            .autoRepair(false)
            .autoUpgrade(false)
            .build())
        .maxPodsPerNode(0)
        .name("string")
        .namePrefix("string")
        .networkConfig(ClusterNodePoolNetworkConfigArgs.builder()
            .additionalNodeNetworkConfigs(ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs.builder()
                .network("string")
                .subnetwork("string")
                .build())
            .additionalPodNetworkConfigs(ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs.builder()
                .maxPodsPerNode(0)
                .secondaryPodRange("string")
                .subnetwork("string")
                .build())
            .createPodRange(false)
            .enablePrivateNodes(false)
            .networkPerformanceConfig(ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs.builder()
                .totalEgressBandwidthTier("string")
                .build())
            .podCidrOverprovisionConfig(ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs.builder()
                .disabled(false)
                .build())
            .podIpv4CidrBlock("string")
            .podRange("string")
            .build())
        .nodeConfig(ClusterNodePoolNodeConfigArgs.builder()
            .advancedMachineFeatures(ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs.builder()
                .threadsPerCore(0)
                .enableNestedVirtualization(false)
                .build())
            .bootDiskKmsKey("string")
            .confidentialNodes(ClusterNodePoolNodeConfigConfidentialNodesArgs.builder()
                .enabled(false)
                .build())
            .containerdConfig(ClusterNodePoolNodeConfigContainerdConfigArgs.builder()
                .privateRegistryAccessConfig(ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs.builder()
                    .enabled(false)
                    .certificateAuthorityDomainConfigs(ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs.builder()
                        .fqdns("string")
                        .gcpSecretManagerCertificateConfig(ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs.builder()
                            .secretUri("string")
                            .build())
                        .build())
                    .build())
                .build())
            .diskSizeGb(0)
            .diskType("string")
            .effectiveTaints(ClusterNodePoolNodeConfigEffectiveTaintArgs.builder()
                .effect("string")
                .key("string")
                .value("string")
                .build())
            .enableConfidentialStorage(false)
            .ephemeralStorageConfig(ClusterNodePoolNodeConfigEphemeralStorageConfigArgs.builder()
                .localSsdCount(0)
                .build())
            .ephemeralStorageLocalSsdConfig(ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs.builder()
                .localSsdCount(0)
                .build())
            .fastSocket(ClusterNodePoolNodeConfigFastSocketArgs.builder()
                .enabled(false)
                .build())
            .gcfsConfig(ClusterNodePoolNodeConfigGcfsConfigArgs.builder()
                .enabled(false)
                .build())
            .guestAccelerators(ClusterNodePoolNodeConfigGuestAcceleratorArgs.builder()
                .count(0)
                .type("string")
                .gpuDriverInstallationConfig(ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs.builder()
                    .gpuDriverVersion("string")
                    .build())
                .gpuPartitionSize("string")
                .gpuSharingConfig(ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs.builder()
                    .gpuSharingStrategy("string")
                    .maxSharedClientsPerGpu(0)
                    .build())
                .build())
            .gvnic(ClusterNodePoolNodeConfigGvnicArgs.builder()
                .enabled(false)
                .build())
            .hostMaintenancePolicy(ClusterNodePoolNodeConfigHostMaintenancePolicyArgs.builder()
                .maintenanceInterval("string")
                .build())
            .imageType("string")
            .kubeletConfig(ClusterNodePoolNodeConfigKubeletConfigArgs.builder()
                .allowedUnsafeSysctls("string")
                .containerLogMaxFiles(0)
                .containerLogMaxSize("string")
                .cpuCfsQuota(false)
                .cpuCfsQuotaPeriod("string")
                .cpuManagerPolicy("string")
                .imageGcHighThresholdPercent(0)
                .imageGcLowThresholdPercent(0)
                .imageMaximumGcAge("string")
                .imageMinimumGcAge("string")
                // String-typed; see the note on the cluster-level kubeletConfig above
                // (normally "FALSE").
                .insecureKubeletReadonlyPortEnabled("string")
                .podPidsLimit(0)
                .build())
            .labels(Map.of("string", "string"))
            .linuxNodeConfig(ClusterNodePoolNodeConfigLinuxNodeConfigArgs.builder()
                .cgroupMode("string")
                .hugepagesConfig(ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs.builder()
                    .hugepageSize1g(0)
                    .hugepageSize2m(0)
                    .build())
                .sysctls(Map.of("string", "string"))
                .build())
            .localNvmeSsdBlockConfig(ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs.builder()
                .localSsdCount(0)
                .build())
            .localSsdCount(0)
            .localSsdEncryptionMode("string")
            .loggingVariant("string")
            .machineType("string")
            .maxRunDuration("string")
            .metadata(Map.of("string", "string"))
            .minCpuPlatform("string")
            .nodeGroup("string")
            .oauthScopes("string")
            .preemptible(false)
            .reservationAffinity(ClusterNodePoolNodeConfigReservationAffinityArgs.builder()
                .consumeReservationType("string")
                .key("string")
                .values("string")
                .build())
            .resourceLabels(Map.of("string", "string"))
            .resourceManagerTags(Map.of("string", "string"))
            .sandboxConfig(ClusterNodePoolNodeConfigSandboxConfigArgs.builder()
                .sandboxType("string")
                .build())
            .secondaryBootDisks(ClusterNodePoolNodeConfigSecondaryBootDiskArgs.builder()
                .diskImage("string")
                .mode("string")
                .build())
            .serviceAccount("string")
            // Placeholder values, as in the cluster-level nodeConfig above.
            .shieldedInstanceConfig(ClusterNodePoolNodeConfigShieldedInstanceConfigArgs.builder()
                .enableIntegrityMonitoring(false)
                .enableSecureBoot(false)
                .build())
            .soleTenantConfig(ClusterNodePoolNodeConfigSoleTenantConfigArgs.builder()
                .nodeAffinities(ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs.builder()
                    .key("string")
                    .operator("string")
                    .values("string")
                    .build())
                .build())
            .spot(false)
            .storagePools("string")
            .tags("string")
            .taints(ClusterNodePoolNodeConfigTaintArgs.builder()
                .effect("string")
                .key("string")
                .value("string")
                .build())
            .workloadMetadataConfig(ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs.builder()
                .mode("string")
                .build())
            .build())
        .nodeCount(0)
        .nodeLocations("string")
        .placementPolicy(ClusterNodePoolPlacementPolicyArgs.builder()
            .type("string")
            .policyName("string")
            .tpuTopology("string")
            .build())
        .queuedProvisioning(ClusterNodePoolQueuedProvisioningArgs.builder()
            .enabled(false)
            .build())
        .upgradeSettings(ClusterNodePoolUpgradeSettingsArgs.builder()
            .blueGreenSettings(ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs.builder()
                .standardRolloutPolicy(ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs.builder()
                    .batchNodeCount(0)
                    .batchPercentage(0)
                    .batchSoakDuration("string")
                    .build())
                .nodePoolSoakDuration("string")
                .build())
            .maxSurge(0)
            .maxUnavailable(0)
            .strategy("string")
            .build())
        .version("string")
        .build())
    .nodeVersion("string")
    .notificationConfig(ClusterNotificationConfigArgs.builder()
        .pubsub(ClusterNotificationConfigPubsubArgs.builder()
            .enabled(false)
            .filter(ClusterNotificationConfigPubsubFilterArgs.builder()
                .eventTypes("string")
                .build())
            .topic("string")
            .build())
        .build())
    // NOTE(review): PodSecurityPolicy was removed upstream in Kubernetes 1.25; verify that
    // this input still applies to the cluster version being targeted.
    .podSecurityPolicyConfig(ClusterPodSecurityPolicyConfigArgs.builder()
        .enabled(false)
        .build())
    // Placeholder values: enablePrivateEndpoint/enablePrivateNodes are false here only as
    // type placeholders. NOTE(review): they presumably decide whether the control plane
    // and the nodes get public addresses. Confirm before copying.
    .privateClusterConfig(ClusterPrivateClusterConfigArgs.builder()
        .enablePrivateEndpoint(false)
        .enablePrivateNodes(false)
        .masterGlobalAccessConfig(ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs.builder()
            .enabled(false)
            .build())
        .masterIpv4CidrBlock("string")
        .peeringName("string")
        .privateEndpoint("string")
        .privateEndpointSubnetwork("string")
        .publicEndpoint("string")
        .build())
    .privateIpv6GoogleAccess("string")
    .project("string")
    .protectConfig(ClusterProtectConfigArgs.builder()
        .workloadConfig(ClusterProtectConfigWorkloadConfigArgs.builder()
            .auditMode("string")
            .build())
        .workloadVulnerabilityMode("string")
        .build())
    .releaseChannel(ClusterReleaseChannelArgs.builder()
        .channel("string")
        .build())
    .removeDefaultNodePool(false)
    .resourceLabels(Map.of("string", "string"))
    .resourceUsageExportConfig(ClusterResourceUsageExportConfigArgs.builder()
        .bigqueryDestination(ClusterResourceUsageExportConfigBigqueryDestinationArgs.builder()
            .datasetId("string")
            .build())
        .enableNetworkEgressMetering(false)
        .enableResourceConsumptionMetering(false)
        .build())
    .secretManagerConfig(ClusterSecretManagerConfigArgs.builder()
        .enabled(false)
        .build())
    .securityPostureConfig(ClusterSecurityPostureConfigArgs.builder()
        .mode("string")
        .vulnerabilityMode("string")
        .build())
    .serviceExternalIpsConfig(ClusterServiceExternalIpsConfigArgs.builder()
        .enabled(false)
        .build())
    .subnetwork("string")
    .tpuConfig(ClusterTpuConfigArgs.builder()
        .enabled(false)
        .ipv4CidrBlock("string")
        .useServiceNetworking(false)
        .build())
    // NOTE(review): these string inputs presumably take resource names of Cloud KMS keys
    // and CA pools rather than raw key or certificate material. Confirm each one; the
    // page states that all arguments are stored in the raw state as plaintext.
    .userManagedKeysConfig(ClusterUserManagedKeysConfigArgs.builder()
        .aggregationCa("string")
        .clusterCa("string")
        .controlPlaneDiskEncryptionKey("string")
        .etcdApiCa("string")
        .etcdPeerCa("string")
        .gkeopsEtcdBackupEncryptionKey("string")
        .serviceAccountSigningKeys("string")
        .serviceAccountVerificationKeys("string")
        .build())
    .verticalPodAutoscaling(ClusterVerticalPodAutoscalingArgs.builder()
        .enabled(false)
        .build())
    .workloadAltsConfig(ClusterWorkloadAltsConfigArgs.builder()
        .enableAlts(false)
        .build())
    // NOTE(review): workloadPool presumably names the Workload Identity pool
    // (PROJECT_ID.svc.id.goog) that lets pods use IAM identities instead of the node
    // service account. Confirm the expected format.
    .workloadIdentityConfig(ClusterWorkloadIdentityConfigArgs.builder()
        .workloadPool("string")
        .build())
    .build());
# Constructor reference: lists the inputs of gcp.container.Cluster with type
# placeholders ("string", 0, False). The values show the expected type only;
# they are not recommended settings, and several security controls appear as
# False simply because False is the boolean placeholder. Review the fields
# commented below before copying any of this into a real program.
gcp_cluster_resource = gcp.container.Cluster("gcpClusterResource",
    addons_config={
        "cloudrun_config": {
            "disabled": False,
            "load_balancer_type": "string",
        },
        "config_connector_config": {
            "enabled": False,
        },
        "dns_cache_config": {
            "enabled": False,
        },
        "gce_persistent_disk_csi_driver_config": {
            "enabled": False,
        },
        "gcp_filestore_csi_driver_config": {
            "enabled": False,
        },
        "gcs_fuse_csi_driver_config": {
            "enabled": False,
        },
        "gke_backup_agent_config": {
            "enabled": False,
        },
        "horizontal_pod_autoscaling": {
            "disabled": False,
        },
        "http_load_balancing": {
            "disabled": False,
        },
        "istio_config": {
            "disabled": False,
            "auth": "string",
        },
        "kalm_config": {
            "enabled": False,
        },
        # Note the inverted sense: this addon is on when "disabled" is False.
        "network_policy_config": {
            "disabled": False,
        },
        "parallelstore_csi_driver_config": {
            "enabled": False,
        },
        "ray_operator_configs": [{
            "enabled": False,
            "ray_cluster_logging_config": {
                "enabled": False,
            },
            "ray_cluster_monitoring_config": {
                "enabled": False,
            },
        }],
        "stateful_ha_config": {
            "enabled": False,
        },
    },
    # Enables the NET_ADMIN capability for workloads (intended for Autopilot
    # clusters per the provider docs -- confirm); leave False unless required.
    allow_net_admin=False,
    authenticator_groups_config={
        "security_group": "string",
    },
    # evaluation_mode decides whether Binary Authorization policy is enforced
    # at deploy time; the provider accepts DISABLED or
    # PROJECT_SINGLETON_POLICY_ENFORCE.
    binary_authorization={
        "evaluation_mode": "string",
    },
    cluster_autoscaling={
        "auto_provisioning_defaults": {
            # Cloud KMS key used to encrypt boot disks of auto-provisioned nodes.
            "boot_disk_kms_key": "string",
            "disk_size": 0,
            "disk_type": "string",
            "image_type": "string",
            "management": {
                "auto_repair": False,
                "auto_upgrade": False,
                "upgrade_options": [{
                    "auto_upgrade_start_time": "string",
                    "description": "string",
                }],
            },
            "min_cpu_platform": "string",
            # Prefer a dedicated least-privilege service account over broad
            # OAuth scopes for auto-provisioned nodes.
            "oauth_scopes": ["string"],
            "service_account": "string",
            # Shielded VM features; False here is only the type placeholder.
            "shielded_instance_config": {
                "enable_integrity_monitoring": False,
                "enable_secure_boot": False,
            },
            "upgrade_settings": {
                "blue_green_settings": {
                    "node_pool_soak_duration": "string",
                    "standard_rollout_policy": {
                        "batch_node_count": 0,
                        "batch_percentage": 0,
                        "batch_soak_duration": "string",
                    },
                },
                "max_surge": 0,
                "max_unavailable": 0,
                "strategy": "string",
            },
        },
        "auto_provisioning_locations": ["string"],
        "autoscaling_profile": "string",
        "enabled": False,
        "resource_limits": [{
            "maximum": 0,
            "resource_type": "string",
            "minimum": 0,
        }],
    },
    cluster_ipv4_cidr="string",
    cluster_telemetry={
        "type": "string",
    },
    confidential_nodes={
        "enabled": False,
    },
    control_plane_endpoints_config={
        "dns_endpoint_config": {
            # Whether the DNS-based control-plane endpoint accepts traffic
            # from outside Google Cloud (presumably -- confirm in provider docs).
            "allow_external_traffic": False,
            "endpoint": "string",
        },
    },
    cost_management_config={
        "enabled": False,
    },
    # Application-layer encryption of Kubernetes Secrets: state is ENCRYPTED
    # or DECRYPTED, and key_name references the Cloud KMS key to use.
    database_encryption={
        "state": "string",
        "key_name": "string",
    },
    datapath_provider="string",
    default_max_pods_per_node=0,
    default_snat_status={
        "disabled": False,
    },
    # Per the note at the top of this page, provider 5.0.0+ requires this to be
    # explicitly False (and applied) before the cluster can be destroyed. Keep
    # it True on clusters that must not be removed by an accidental destroy.
    deletion_protection=False,
    description="string",
    dns_config={
        "additive_vpc_scope_dns_domain": "string",
        "cluster_dns": "string",
        "cluster_dns_domain": "string",
        "cluster_dns_scope": "string",
    },
    enable_autopilot=False,
    enable_cilium_clusterwide_network_policy=False,
    enable_fqdn_network_policy=False,
    enable_intranode_visibility=False,
    enable_k8s_beta_apis={
        "enabled_apis": ["string"],
    },
    # Alpha features are not intended for production clusters -- confirm the
    # current limitations in the GKE docs before enabling.
    enable_kubernetes_alpha=False,
    enable_l4_ilb_subsetting=False,
    # Legacy ABAC grants identities static permissions beyond RBAC/IAM;
    # keep False so authorization comes from RBAC and IAM only.
    enable_legacy_abac=False,
    enable_multi_networking=False,
    # Shielded GKE Nodes; False here is only the type placeholder.
    enable_shielded_nodes=False,
    enable_tpu=False,
    enterprise_config={
        "cluster_tier": "string",
        "desired_tier": "string",
    },
    fleet={
        "membership": "string",
        "membership_id": "string",
        "membership_location": "string",
        "pre_registered": False,
        "project": "string",
    },
    gateway_api_config={
        "channel": "string",
    },
    identity_service_config={
        "enabled": False,
    },
    initial_node_count=0,
    ip_allocation_policy={
        "additional_pod_ranges_config": {
            "pod_range_names": ["string"],
        },
        "cluster_ipv4_cidr_block": "string",
        "cluster_secondary_range_name": "string",
        "pod_cidr_overprovision_config": {
            "disabled": False,
        },
        "services_ipv4_cidr_block": "string",
        "services_secondary_range_name": "string",
        "stack_type": "string",
    },
    location="string",
    # Which component logs are exported; control-plane logs are what an
    # investigation relies on, so choose the list deliberately.
    logging_config={
        "enable_components": ["string"],
    },
    logging_service="string",
    maintenance_policy={
        "daily_maintenance_window": {
            "start_time": "string",
            "duration": "string",
        },
        "maintenance_exclusions": [{
            "end_time": "string",
            "exclusion_name": "string",
            "start_time": "string",
            "exclusion_options": {
                "scope": "string",
            },
        }],
        "recurring_window": {
            "end_time": "string",
            "recurrence": "string",
            "start_time": "string",
        },
    },
    # client_key is private key material. This page's introduction states that
    # all arguments and attributes, including certificate outputs, are stored
    # in state as plaintext, so restrict and encrypt access to the state backend.
    # issue_client_certificate=False keeps client-certificate authentication off.
    master_auth={
        "client_certificate_config": {
            "issue_client_certificate": False,
        },
        "client_certificate": "string",
        "client_key": "string",
        "cluster_ca_certificate": "string",
    },
    # Limits which CIDR ranges may reach the control-plane endpoint.
    # gcp_public_cidrs_access_enabled controls whether Google Compute Engine
    # public IP ranges are admitted as well.
    master_authorized_networks_config={
        "cidr_blocks": [{
            "cidr_block": "string",
            "display_name": "string",
        }],
        "gcp_public_cidrs_access_enabled": False,
        "private_endpoint_enforcement_enabled": False,
    },
    mesh_certificates={
        "enable_certificates": False,
    },
    min_master_version="string",
    monitoring_config={
        "advanced_datapath_observability_config": {
            "enable_metrics": False,
            "enable_relay": False,
        },
        "enable_components": ["string"],
        "managed_prometheus": {
            "enabled": False,
            "auto_monitoring_config": {
                "scope": "string",
            },
        },
    },
    monitoring_service="string",
    name="string",
    network="string",
    # NetworkPolicy enforcement; without it, NetworkPolicy objects have no
    # effect on pod-to-pod traffic.
    network_policy={
        "enabled": False,
        "provider": "string",
    },
    networking_mode="string",
    node_config={
        "advanced_machine_features": {
            "threads_per_core": 0,
            "enable_nested_virtualization": False,
        },
        "boot_disk_kms_key": "string",
        "confidential_nodes": {
            "enabled": False,
        },
        "containerd_config": {
            "private_registry_access_config": {
                "enabled": False,
                "certificate_authority_domain_configs": [{
                    "fqdns": ["string"],
                    # secret_uri points at a Secret Manager entry; the CA
                    # material itself is not placed in this program.
                    "gcp_secret_manager_certificate_config": {
                        "secret_uri": "string",
                    },
                }],
            },
        },
        "disk_size_gb": 0,
        "disk_type": "string",
        "effective_taints": [{
            "effect": "string",
            "key": "string",
            "value": "string",
        }],
        "enable_confidential_storage": False,
        "ephemeral_storage_config": {
            "local_ssd_count": 0,
        },
        "ephemeral_storage_local_ssd_config": {
            "local_ssd_count": 0,
        },
        "fast_socket": {
            "enabled": False,
        },
        "gcfs_config": {
            "enabled": False,
        },
        "guest_accelerators": [{
            "count": 0,
            "type": "string",
            "gpu_driver_installation_config": {
                "gpu_driver_version": "string",
            },
            "gpu_partition_size": "string",
            "gpu_sharing_config": {
                "gpu_sharing_strategy": "string",
                "max_shared_clients_per_gpu": 0,
            },
        }],
        "gvnic": {
            "enabled": False,
        },
        "host_maintenance_policy": {
            "maintenance_interval": "string",
        },
        "image_type": "string",
        "kubelet_config": {
            "allowed_unsafe_sysctls": ["string"],
            "container_log_max_files": 0,
            "container_log_max_size": "string",
            "cpu_cfs_quota": False,
            "cpu_cfs_quota_period": "string",
            "cpu_manager_policy": "string",
            "image_gc_high_threshold_percent": 0,
            "image_gc_low_threshold_percent": 0,
            "image_maximum_gc_age": "string",
            "image_minimum_gc_age": "string",
            # String-typed toggle ("TRUE"/"FALSE" per the provider docs) for
            # the unauthenticated kubelet read-only port; disable it unless a
            # consumer still depends on it.
            "insecure_kubelet_readonly_port_enabled": "string",
            "pod_pids_limit": 0,
        },
        "labels": {
            "string": "string",
        },
        "linux_node_config": {
            "cgroup_mode": "string",
            "hugepages_config": {
                "hugepage_size1g": 0,
                "hugepage_size2m": 0,
            },
            "sysctls": {
                "string": "string",
            },
        },
        "local_nvme_ssd_block_config": {
            "local_ssd_count": 0,
        },
        "local_ssd_count": 0,
        "local_ssd_encryption_mode": "string",
        "logging_variant": "string",
        "machine_type": "string",
        "max_run_duration": "string",
        "metadata": {
            "string": "string",
        },
        "min_cpu_platform": "string",
        "node_group": "string",
        # Node identity: pair a dedicated least-privilege service_account with
        # the scopes the nodes need rather than relying on a broad default.
        "oauth_scopes": ["string"],
        "preemptible": False,
        "reservation_affinity": {
            "consume_reservation_type": "string",
            "key": "string",
            "values": ["string"],
        },
        "resource_labels": {
            "string": "string",
        },
        "resource_manager_tags": {
            "string": "string",
        },
        # sandbox_type selects GKE Sandbox (gVisor) isolation for workloads
        # that run untrusted code.
        "sandbox_config": {
            "sandbox_type": "string",
        },
        "secondary_boot_disks": [{
            "disk_image": "string",
            "mode": "string",
        }],
        "service_account": "string",
        # Shielded VM features; False here is only the type placeholder.
        "shielded_instance_config": {
            "enable_integrity_monitoring": False,
            "enable_secure_boot": False,
        },
        "sole_tenant_config": {
            "node_affinities": [{
                "key": "string",
                "operator": "string",
                "values": ["string"],
            }],
        },
        "spot": False,
        "storage_pools": ["string"],
        "tags": ["string"],
        "taints": [{
            "effect": "string",
            "key": "string",
            "value": "string",
        }],
        # mode controls what node metadata pods can reach: GKE_METADATA runs
        # the GKE metadata server used with Workload Identity, GCE_METADATA
        # exposes the VM metadata endpoint to workloads.
        "workload_metadata_config": {
            "mode": "string",
        },
    },
    node_locations=["string"],
    node_pool_auto_config={
        "linux_node_config": {
            "cgroup_mode": "string",
        },
        "network_tags": {
            "tags": ["string"],
        },
        "node_kubelet_config": {
            # Same kubelet read-only port toggle as in node_config above.
            "insecure_kubelet_readonly_port_enabled": "string",
        },
        "resource_manager_tags": {
            "string": "string",
        },
    },
    node_pool_defaults={
        "node_config_defaults": {
            "containerd_config": {
                "private_registry_access_config": {
                    "enabled": False,
                    "certificate_authority_domain_configs": [{
                        "fqdns": ["string"],
                        "gcp_secret_manager_certificate_config": {
                            "secret_uri": "string",
                        },
                    }],
                },
            },
            "gcfs_config": {
                "enabled": False,
            },
            # Same kubelet read-only port toggle as in node_config above.
            "insecure_kubelet_readonly_port_enabled": "string",
            "logging_variant": "string",
        },
    },
    # Inline node pools. The nested node_config repeats the cluster-level
    # node_config fields, and the same review points apply to it.
    node_pools=[{
        "autoscaling": {
            "location_policy": "string",
            "max_node_count": 0,
            "min_node_count": 0,
            "total_max_node_count": 0,
            "total_min_node_count": 0,
        },
        "initial_node_count": 0,
        "instance_group_urls": ["string"],
        "managed_instance_group_urls": ["string"],
        "management": {
            "auto_repair": False,
            "auto_upgrade": False,
        },
        "max_pods_per_node": 0,
        "name": "string",
        "name_prefix": "string",
        "network_config": {
            "additional_node_network_configs": [{
                "network": "string",
                "subnetwork": "string",
            }],
            "additional_pod_network_configs": [{
                "max_pods_per_node": 0,
                "secondary_pod_range": "string",
                "subnetwork": "string",
            }],
            "create_pod_range": False,
            # Private nodes have internal IP addresses only.
            "enable_private_nodes": False,
            "network_performance_config": {
                "total_egress_bandwidth_tier": "string",
            },
            "pod_cidr_overprovision_config": {
                "disabled": False,
            },
            "pod_ipv4_cidr_block": "string",
            "pod_range": "string",
        },
        "node_config": {
            "advanced_machine_features": {
                "threads_per_core": 0,
                "enable_nested_virtualization": False,
            },
            "boot_disk_kms_key": "string",
            "confidential_nodes": {
                "enabled": False,
            },
            "containerd_config": {
                "private_registry_access_config": {
                    "enabled": False,
                    "certificate_authority_domain_configs": [{
                        "fqdns": ["string"],
                        "gcp_secret_manager_certificate_config": {
                            "secret_uri": "string",
                        },
                    }],
                },
            },
            "disk_size_gb": 0,
            "disk_type": "string",
            "effective_taints": [{
                "effect": "string",
                "key": "string",
                "value": "string",
            }],
            "enable_confidential_storage": False,
            "ephemeral_storage_config": {
                "local_ssd_count": 0,
            },
            "ephemeral_storage_local_ssd_config": {
                "local_ssd_count": 0,
            },
            "fast_socket": {
                "enabled": False,
            },
            "gcfs_config": {
                "enabled": False,
            },
            "guest_accelerators": [{
                "count": 0,
                "type": "string",
                "gpu_driver_installation_config": {
                    "gpu_driver_version": "string",
                },
                "gpu_partition_size": "string",
                "gpu_sharing_config": {
                    "gpu_sharing_strategy": "string",
                    "max_shared_clients_per_gpu": 0,
                },
            }],
            "gvnic": {
                "enabled": False,
            },
            "host_maintenance_policy": {
                "maintenance_interval": "string",
            },
            "image_type": "string",
            "kubelet_config": {
                "allowed_unsafe_sysctls": ["string"],
                "container_log_max_files": 0,
                "container_log_max_size": "string",
                "cpu_cfs_quota": False,
                "cpu_cfs_quota_period": "string",
                "cpu_manager_policy": "string",
                "image_gc_high_threshold_percent": 0,
                "image_gc_low_threshold_percent": 0,
                "image_maximum_gc_age": "string",
                "image_minimum_gc_age": "string",
                "insecure_kubelet_readonly_port_enabled": "string",
                "pod_pids_limit": 0,
            },
            "labels": {
                "string": "string",
            },
            "linux_node_config": {
                "cgroup_mode": "string",
                "hugepages_config": {
                    "hugepage_size1g": 0,
                    "hugepage_size2m": 0,
                },
                "sysctls": {
                    "string": "string",
                },
            },
            "local_nvme_ssd_block_config": {
                "local_ssd_count": 0,
            },
            "local_ssd_count": 0,
            "local_ssd_encryption_mode": "string",
            "logging_variant": "string",
            "machine_type": "string",
            "max_run_duration": "string",
            "metadata": {
                "string": "string",
            },
            "min_cpu_platform": "string",
            "node_group": "string",
            "oauth_scopes": ["string"],
            "preemptible": False,
            "reservation_affinity": {
                "consume_reservation_type": "string",
                "key": "string",
                "values": ["string"],
            },
            "resource_labels": {
                "string": "string",
            },
            "resource_manager_tags": {
                "string": "string",
            },
            "sandbox_config": {
                "sandbox_type": "string",
            },
            "secondary_boot_disks": [{
                "disk_image": "string",
                "mode": "string",
            }],
            "service_account": "string",
            "shielded_instance_config": {
                "enable_integrity_monitoring": False,
                "enable_secure_boot": False,
            },
            "sole_tenant_config": {
                "node_affinities": [{
                    "key": "string",
                    "operator": "string",
                    "values": ["string"],
                }],
            },
            "spot": False,
            "storage_pools": ["string"],
            "tags": ["string"],
            "taints": [{
                "effect": "string",
                "key": "string",
                "value": "string",
            }],
            "workload_metadata_config": {
                "mode": "string",
            },
        },
        "node_count": 0,
        "node_locations": ["string"],
        "placement_policy": {
            "type": "string",
            "policy_name": "string",
            "tpu_topology": "string",
        },
        "queued_provisioning": {
            "enabled": False,
        },
        "upgrade_settings": {
            "blue_green_settings": {
                "standard_rollout_policy": {
                    "batch_node_count": 0,
                    "batch_percentage": 0,
                    "batch_soak_duration": "string",
                },
                "node_pool_soak_duration": "string",
            },
            "max_surge": 0,
            "max_unavailable": 0,
            "strategy": "string",
        },
        "version": "string",
    }],
    node_version="string",
    notification_config={
        "pubsub": {
            "enabled": False,
            "filter": {
                "event_types": ["string"],
            },
            "topic": "string",
        },
    },
    # PodSecurityPolicy was removed upstream in Kubernetes 1.25 -- confirm this
    # field still applies to the target cluster version before relying on it.
    pod_security_policy_config={
        "enabled": False,
    },
    # enable_private_nodes gives nodes internal IP addresses only;
    # enable_private_endpoint makes the control plane reachable only through
    # its internal address.
    private_cluster_config={
        "enable_private_endpoint": False,
        "enable_private_nodes": False,
        "master_global_access_config": {
            "enabled": False,
        },
        "master_ipv4_cidr_block": "string",
        "peering_name": "string",
        "private_endpoint": "string",
        "private_endpoint_subnetwork": "string",
        "public_endpoint": "string",
    },
    private_ipv6_google_access="string",
    project="string",
    protect_config={
        "workload_config": {
            "audit_mode": "string",
        },
        "workload_vulnerability_mode": "string",
    },
    release_channel={
        "channel": "string",
    },
    remove_default_node_pool=False,
    resource_labels={
        "string": "string",
    },
    resource_usage_export_config={
        "bigquery_destination": {
            "dataset_id": "string",
        },
        "enable_network_egress_metering": False,
        "enable_resource_consumption_metering": False,
    },
    secret_manager_config={
        "enabled": False,
    },
    # Security posture dashboard: mode and vulnerability_mode select how much
    # configuration auditing and workload vulnerability scanning is performed.
    security_posture_config={
        "mode": "string",
        "vulnerability_mode": "string",
    },
    # Controls whether Services may specify externalIPs.
    service_external_ips_config={
        "enabled": False,
    },
    subnetwork="string",
    tpu_config={
        "enabled": False,
        "ipv4_cidr_block": "string",
        "use_service_networking": False,
    },
    # Customer-managed CAs and keys for the control plane. Presumably these
    # are resource references rather than key material -- confirm in the
    # provider docs; either way the values are written to state.
    user_managed_keys_config={
        "aggregation_ca": "string",
        "cluster_ca": "string",
        "control_plane_disk_encryption_key": "string",
        "etcd_api_ca": "string",
        "etcd_peer_ca": "string",
        "gkeops_etcd_backup_encryption_key": "string",
        "service_account_signing_keys": ["string"],
        "service_account_verification_keys": ["string"],
    },
    vertical_pod_autoscaling={
        "enabled": False,
    },
    workload_alts_config={
        "enable_alts": False,
    },
    # workload_pool enables Workload Identity; the expected form is
    # PROJECT_ID.svc.id.goog.
    workload_identity_config={
        "workload_pool": "string",
    })
const gcpClusterResource = new gcp.container.Cluster("gcpClusterResource", {
    addonsConfig: {
        cloudrunConfig: {
            disabled: false,
            loadBalancerType: "string",
        },
        configConnectorConfig: {
            enabled: false,
        },
        dnsCacheConfig: {
            enabled: false,
        },
        gcePersistentDiskCsiDriverConfig: {
            enabled: false,
        },
        gcpFilestoreCsiDriverConfig: {
            enabled: false,
        },
        gcsFuseCsiDriverConfig: {
            enabled: false,
        },
        gkeBackupAgentConfig: {
            enabled: false,
        },
        horizontalPodAutoscaling: {
            disabled: false,
        },
        httpLoadBalancing: {
            disabled: false,
        },
        istioConfig: {
            disabled: false,
            auth: "string",
        },
        kalmConfig: {
            enabled: false,
        },
        networkPolicyConfig: {
            disabled: false,
        },
        parallelstoreCsiDriverConfig: {
            enabled: false,
        },
        rayOperatorConfigs: [{
            enabled: false,
            rayClusterLoggingConfig: {
                enabled: false,
            },
            rayClusterMonitoringConfig: {
                enabled: false,
            },
        }],
        statefulHaConfig: {
            enabled: false,
        },
    },
    allowNetAdmin: false,
    authenticatorGroupsConfig: {
        securityGroup: "string",
    },
    binaryAuthorization: {
        evaluationMode: "string",
    },
    clusterAutoscaling: {
        autoProvisioningDefaults: {
            bootDiskKmsKey: "string",
            diskSize: 0,
            diskType: "string",
            imageType: "string",
            management: {
                autoRepair: false,
                autoUpgrade: false,
                upgradeOptions: [{
                    autoUpgradeStartTime: "string",
                    description: "string",
                }],
            },
            minCpuPlatform: "string",
            oauthScopes: ["string"],
            serviceAccount: "string",
            shieldedInstanceConfig: {
                enableIntegrityMonitoring: false,
                enableSecureBoot: false,
            },
            upgradeSettings: {
                blueGreenSettings: {
                    nodePoolSoakDuration: "string",
                    standardRolloutPolicy: {
                        batchNodeCount: 0,
                        batchPercentage: 0,
                        batchSoakDuration: "string",
                    },
                },
                maxSurge: 0,
                maxUnavailable: 0,
                strategy: "string",
            },
        },
        autoProvisioningLocations: ["string"],
        autoscalingProfile: "string",
        enabled: false,
        resourceLimits: [{
            maximum: 0,
            resourceType: "string",
            minimum: 0,
        }],
    },
    clusterIpv4Cidr: "string",
    clusterTelemetry: {
        type: "string",
    },
    confidentialNodes: {
        enabled: false,
    },
    controlPlaneEndpointsConfig: {
        dnsEndpointConfig: {
            allowExternalTraffic: false,
            endpoint: "string",
        },
    },
    costManagementConfig: {
        enabled: false,
    },
    databaseEncryption: {
        state: "string",
        keyName: "string",
    },
    datapathProvider: "string",
    defaultMaxPodsPerNode: 0,
    defaultSnatStatus: {
        disabled: false,
    },
    deletionProtection: false,
    description: "string",
    dnsConfig: {
        additiveVpcScopeDnsDomain: "string",
        clusterDns: "string",
        clusterDnsDomain: "string",
        clusterDnsScope: "string",
    },
    enableAutopilot: false,
    enableCiliumClusterwideNetworkPolicy: false,
    enableFqdnNetworkPolicy: false,
    enableIntranodeVisibility: false,
    enableK8sBetaApis: {
        enabledApis: ["string"],
    },
    enableKubernetesAlpha: false,
    enableL4IlbSubsetting: false,
    enableLegacyAbac: false,
    enableMultiNetworking: false,
    enableShieldedNodes: false,
    enableTpu: false,
    enterpriseConfig: {
        clusterTier: "string",
        desiredTier: "string",
    },
    fleet: {
        membership: "string",
        membershipId: "string",
        membershipLocation: "string",
        preRegistered: false,
        project: "string",
    },
    gatewayApiConfig: {
        channel: "string",
    },
    identityServiceConfig: {
        enabled: false,
    },
    initialNodeCount: 0,
    ipAllocationPolicy: {
        additionalPodRangesConfig: {
            podRangeNames: ["string"],
        },
        clusterIpv4CidrBlock: "string",
        clusterSecondaryRangeName: "string",
        podCidrOverprovisionConfig: {
            disabled: false,
        },
        servicesIpv4CidrBlock: "string",
        servicesSecondaryRangeName: "string",
        stackType: "string",
    },
    location: "string",
    loggingConfig: {
        enableComponents: ["string"],
    },
    loggingService: "string",
    maintenancePolicy: {
        dailyMaintenanceWindow: {
            startTime: "string",
            duration: "string",
        },
        maintenanceExclusions: [{
            endTime: "string",
            exclusionName: "string",
            startTime: "string",
            exclusionOptions: {
                scope: "string",
            },
        }],
        recurringWindow: {
            endTime: "string",
            recurrence: "string",
            startTime: "string",
        },
    },
    masterAuth: {
        clientCertificateConfig: {
            issueClientCertificate: false,
        },
        clientCertificate: "string",
        clientKey: "string",
        clusterCaCertificate: "string",
    },
    masterAuthorizedNetworksConfig: {
        cidrBlocks: [{
            cidrBlock: "string",
            displayName: "string",
        }],
        gcpPublicCidrsAccessEnabled: false,
        privateEndpointEnforcementEnabled: false,
    },
    meshCertificates: {
        enableCertificates: false,
    },
    minMasterVersion: "string",
    monitoringConfig: {
        advancedDatapathObservabilityConfig: {
            enableMetrics: false,
            enableRelay: false,
        },
        enableComponents: ["string"],
        managedPrometheus: {
            enabled: false,
            autoMonitoringConfig: {
                scope: "string",
            },
        },
    },
    monitoringService: "string",
    name: "string",
    network: "string",
    networkPolicy: {
        enabled: false,
        provider: "string",
    },
    networkingMode: "string",
    nodeConfig: {
        advancedMachineFeatures: {
            threadsPerCore: 0,
            enableNestedVirtualization: false,
        },
        bootDiskKmsKey: "string",
        confidentialNodes: {
            enabled: false,
        },
        containerdConfig: {
            privateRegistryAccessConfig: {
                enabled: false,
                certificateAuthorityDomainConfigs: [{
                    fqdns: ["string"],
                    gcpSecretManagerCertificateConfig: {
                        secretUri: "string",
                    },
                }],
            },
        },
        diskSizeGb: 0,
        diskType: "string",
        effectiveTaints: [{
            effect: "string",
            key: "string",
            value: "string",
        }],
        enableConfidentialStorage: false,
        ephemeralStorageConfig: {
            localSsdCount: 0,
        },
        ephemeralStorageLocalSsdConfig: {
            localSsdCount: 0,
        },
        fastSocket: {
            enabled: false,
        },
        gcfsConfig: {
            enabled: false,
        },
        guestAccelerators: [{
            count: 0,
            type: "string",
            gpuDriverInstallationConfig: {
                gpuDriverVersion: "string",
            },
            gpuPartitionSize: "string",
            gpuSharingConfig: {
                gpuSharingStrategy: "string",
                maxSharedClientsPerGpu: 0,
            },
        }],
        gvnic: {
            enabled: false,
        },
        hostMaintenancePolicy: {
            maintenanceInterval: "string",
        },
        imageType: "string",
        kubeletConfig: {
            allowedUnsafeSysctls: ["string"],
            containerLogMaxFiles: 0,
            containerLogMaxSize: "string",
            cpuCfsQuota: false,
            cpuCfsQuotaPeriod: "string",
            cpuManagerPolicy: "string",
            imageGcHighThresholdPercent: 0,
            imageGcLowThresholdPercent: 0,
            imageMaximumGcAge: "string",
            imageMinimumGcAge: "string",
            insecureKubeletReadonlyPortEnabled: "string",
            podPidsLimit: 0,
        },
        labels: {
            string: "string",
        },
        linuxNodeConfig: {
            cgroupMode: "string",
            hugepagesConfig: {
                hugepageSize1g: 0,
                hugepageSize2m: 0,
            },
            sysctls: {
                string: "string",
            },
        },
        localNvmeSsdBlockConfig: {
            localSsdCount: 0,
        },
        localSsdCount: 0,
        localSsdEncryptionMode: "string",
        loggingVariant: "string",
        machineType: "string",
        maxRunDuration: "string",
        metadata: {
            string: "string",
        },
        minCpuPlatform: "string",
        nodeGroup: "string",
        oauthScopes: ["string"],
        preemptible: false,
        reservationAffinity: {
            consumeReservationType: "string",
            key: "string",
            values: ["string"],
        },
        resourceLabels: {
            string: "string",
        },
        resourceManagerTags: {
            string: "string",
        },
        sandboxConfig: {
            sandboxType: "string",
        },
        secondaryBootDisks: [{
            diskImage: "string",
            mode: "string",
        }],
        serviceAccount: "string",
        shieldedInstanceConfig: {
            enableIntegrityMonitoring: false,
            enableSecureBoot: false,
        },
        soleTenantConfig: {
            nodeAffinities: [{
                key: "string",
                operator: "string",
                values: ["string"],
            }],
        },
        spot: false,
        storagePools: ["string"],
        tags: ["string"],
        taints: [{
            effect: "string",
            key: "string",
            value: "string",
        }],
        workloadMetadataConfig: {
            mode: "string",
        },
    },
    nodeLocations: ["string"],
    nodePoolAutoConfig: {
        linuxNodeConfig: {
            cgroupMode: "string",
        },
        networkTags: {
            tags: ["string"],
        },
        nodeKubeletConfig: {
            insecureKubeletReadonlyPortEnabled: "string",
        },
        resourceManagerTags: {
            string: "string",
        },
    },
    nodePoolDefaults: {
        nodeConfigDefaults: {
            containerdConfig: {
                privateRegistryAccessConfig: {
                    enabled: false,
                    certificateAuthorityDomainConfigs: [{
                        fqdns: ["string"],
                        gcpSecretManagerCertificateConfig: {
                            secretUri: "string",
                        },
                    }],
                },
            },
            gcfsConfig: {
                enabled: false,
            },
            insecureKubeletReadonlyPortEnabled: "string",
            loggingVariant: "string",
        },
    },
    nodePools: [{
        autoscaling: {
            locationPolicy: "string",
            maxNodeCount: 0,
            minNodeCount: 0,
            totalMaxNodeCount: 0,
            totalMinNodeCount: 0,
        },
        initialNodeCount: 0,
        instanceGroupUrls: ["string"],
        managedInstanceGroupUrls: ["string"],
        management: {
            autoRepair: false,
            autoUpgrade: false,
        },
        maxPodsPerNode: 0,
        name: "string",
        namePrefix: "string",
        networkConfig: {
            additionalNodeNetworkConfigs: [{
                network: "string",
                subnetwork: "string",
            }],
            additionalPodNetworkConfigs: [{
                maxPodsPerNode: 0,
                secondaryPodRange: "string",
                subnetwork: "string",
            }],
            createPodRange: false,
            enablePrivateNodes: false,
            networkPerformanceConfig: {
                totalEgressBandwidthTier: "string",
            },
            podCidrOverprovisionConfig: {
                disabled: false,
            },
            podIpv4CidrBlock: "string",
            podRange: "string",
        },
        nodeConfig: {
            advancedMachineFeatures: {
                threadsPerCore: 0,
                enableNestedVirtualization: false,
            },
            bootDiskKmsKey: "string",
            confidentialNodes: {
                enabled: false,
            },
            containerdConfig: {
                privateRegistryAccessConfig: {
                    enabled: false,
                    certificateAuthorityDomainConfigs: [{
                        fqdns: ["string"],
                        gcpSecretManagerCertificateConfig: {
                            secretUri: "string",
                        },
                    }],
                },
            },
            diskSizeGb: 0,
            diskType: "string",
            effectiveTaints: [{
                effect: "string",
                key: "string",
                value: "string",
            }],
            enableConfidentialStorage: false,
            ephemeralStorageConfig: {
                localSsdCount: 0,
            },
            ephemeralStorageLocalSsdConfig: {
                localSsdCount: 0,
            },
            fastSocket: {
                enabled: false,
            },
            gcfsConfig: {
                enabled: false,
            },
            guestAccelerators: [{
                count: 0,
                type: "string",
                gpuDriverInstallationConfig: {
                    gpuDriverVersion: "string",
                },
                gpuPartitionSize: "string",
                gpuSharingConfig: {
                    gpuSharingStrategy: "string",
                    maxSharedClientsPerGpu: 0,
                },
            }],
            gvnic: {
                enabled: false,
            },
            hostMaintenancePolicy: {
                maintenanceInterval: "string",
            },
            imageType: "string",
            kubeletConfig: {
                allowedUnsafeSysctls: ["string"],
                containerLogMaxFiles: 0,
                containerLogMaxSize: "string",
                cpuCfsQuota: false,
                cpuCfsQuotaPeriod: "string",
                cpuManagerPolicy: "string",
                imageGcHighThresholdPercent: 0,
                imageGcLowThresholdPercent: 0,
                imageMaximumGcAge: "string",
                imageMinimumGcAge: "string",
                insecureKubeletReadonlyPortEnabled: "string",
                podPidsLimit: 0,
            },
            labels: {
                string: "string",
            },
            linuxNodeConfig: {
                cgroupMode: "string",
                hugepagesConfig: {
                    hugepageSize1g: 0,
                    hugepageSize2m: 0,
                },
                sysctls: {
                    string: "string",
                },
            },
            localNvmeSsdBlockConfig: {
                localSsdCount: 0,
            },
            localSsdCount: 0,
            localSsdEncryptionMode: "string",
            loggingVariant: "string",
            machineType: "string",
            maxRunDuration: "string",
            metadata: {
                string: "string",
            },
            minCpuPlatform: "string",
            nodeGroup: "string",
            oauthScopes: ["string"],
            preemptible: false,
            reservationAffinity: {
                consumeReservationType: "string",
                key: "string",
                values: ["string"],
            },
            resourceLabels: {
                string: "string",
            },
            resourceManagerTags: {
                string: "string",
            },
            sandboxConfig: {
                sandboxType: "string",
            },
            secondaryBootDisks: [{
                diskImage: "string",
                mode: "string",
            }],
            serviceAccount: "string",
            shieldedInstanceConfig: {
                enableIntegrityMonitoring: false,
                enableSecureBoot: false,
            },
            soleTenantConfig: {
                nodeAffinities: [{
                    key: "string",
                    operator: "string",
                    values: ["string"],
                }],
            },
            spot: false,
            storagePools: ["string"],
            tags: ["string"],
            taints: [{
                effect: "string",
                key: "string",
                value: "string",
            }],
            workloadMetadataConfig: {
                mode: "string",
            },
        },
        nodeCount: 0,
        nodeLocations: ["string"],
        placementPolicy: {
            type: "string",
            policyName: "string",
            tpuTopology: "string",
        },
        queuedProvisioning: {
            enabled: false,
        },
        upgradeSettings: {
            blueGreenSettings: {
                standardRolloutPolicy: {
                    batchNodeCount: 0,
                    batchPercentage: 0,
                    batchSoakDuration: "string",
                },
                nodePoolSoakDuration: "string",
            },
            maxSurge: 0,
            maxUnavailable: 0,
            strategy: "string",
        },
        version: "string",
    }],
    nodeVersion: "string",
    notificationConfig: {
        pubsub: {
            enabled: false,
            filter: {
                eventTypes: ["string"],
            },
            topic: "string",
        },
    },
    podSecurityPolicyConfig: {
        enabled: false,
    },
    privateClusterConfig: {
        enablePrivateEndpoint: false,
        enablePrivateNodes: false,
        masterGlobalAccessConfig: {
            enabled: false,
        },
        masterIpv4CidrBlock: "string",
        peeringName: "string",
        privateEndpoint: "string",
        privateEndpointSubnetwork: "string",
        publicEndpoint: "string",
    },
    privateIpv6GoogleAccess: "string",
    project: "string",
    protectConfig: {
        workloadConfig: {
            auditMode: "string",
        },
        workloadVulnerabilityMode: "string",
    },
    releaseChannel: {
        channel: "string",
    },
    removeDefaultNodePool: false,
    resourceLabels: {
        string: "string",
    },
    resourceUsageExportConfig: {
        bigqueryDestination: {
            datasetId: "string",
        },
        enableNetworkEgressMetering: false,
        enableResourceConsumptionMetering: false,
    },
    secretManagerConfig: {
        enabled: false,
    },
    securityPostureConfig: {
        mode: "string",
        vulnerabilityMode: "string",
    },
    serviceExternalIpsConfig: {
        enabled: false,
    },
    subnetwork: "string",
    tpuConfig: {
        enabled: false,
        ipv4CidrBlock: "string",
        useServiceNetworking: false,
    },
    userManagedKeysConfig: {
        aggregationCa: "string",
        clusterCa: "string",
        controlPlaneDiskEncryptionKey: "string",
        etcdApiCa: "string",
        etcdPeerCa: "string",
        gkeopsEtcdBackupEncryptionKey: "string",
        serviceAccountSigningKeys: ["string"],
        serviceAccountVerificationKeys: ["string"],
    },
    verticalPodAutoscaling: {
        enabled: false,
    },
    workloadAltsConfig: {
        enableAlts: false,
    },
    workloadIdentityConfig: {
        workloadPool: "string",
    },
});
# Constructor reference skeleton for gcp:container:Cluster.
# Every value below is a type placeholder (string / false / 0). It is neither the
# provider default nor a recommended setting: for example, this page's property
# reference documents enableShieldedNodes as defaulting to true, while the
# skeleton shows false. Do not copy the block verbatim into a real program.
type: gcp:container:Cluster
properties:
    addonsConfig:
        cloudrunConfig:
            disabled: false
            loadBalancerType: string
        configConnectorConfig:
            enabled: false
        dnsCacheConfig:
            enabled: false
        gcePersistentDiskCsiDriverConfig:
            enabled: false
        gcpFilestoreCsiDriverConfig:
            enabled: false
        gcsFuseCsiDriverConfig:
            enabled: false
        gkeBackupAgentConfig:
            enabled: false
        horizontalPodAutoscaling:
            disabled: false
        httpLoadBalancing:
            disabled: false
        istioConfig:
            auth: string
            disabled: false
        kalmConfig:
            enabled: false
        # Note the inverted sense: this addon is switched with `disabled`, not `enabled`.
        networkPolicyConfig:
            disabled: false
        parallelstoreCsiDriverConfig:
            enabled: false
        rayOperatorConfigs:
            - enabled: false
              rayClusterLoggingConfig:
                enabled: false
              rayClusterMonitoringConfig:
                enabled: false
        statefulHaConfig:
            enabled: false
    # Enables NET_ADMIN for the cluster. The property reference says it defaults to
    # false and should only be enabled for Autopilot clusters.
    allowNetAdmin: false
    authenticatorGroupsConfig:
        securityGroup: string
    binaryAuthorization:
        evaluationMode: string
    clusterAutoscaling:
        # Defaults applied to auto-provisioned node pools; the identity and boot
        # integrity fields below are placeholders like everything else here.
        autoProvisioningDefaults:
            bootDiskKmsKey: string
            diskSize: 0
            diskType: string
            imageType: string
            management:
                autoRepair: false
                autoUpgrade: false
                upgradeOptions:
                    - autoUpgradeStartTime: string
                      description: string
            minCpuPlatform: string
            oauthScopes:
                - string
            serviceAccount: string
            shieldedInstanceConfig:
                enableIntegrityMonitoring: false
                enableSecureBoot: false
            upgradeSettings:
                blueGreenSettings:
                    nodePoolSoakDuration: string
                    standardRolloutPolicy:
                        batchNodeCount: 0
                        batchPercentage: 0
                        batchSoakDuration: string
                maxSurge: 0
                maxUnavailable: 0
                strategy: string
        autoProvisioningLocations:
            - string
        autoscalingProfile: string
        enabled: false
        resourceLimits:
            - maximum: 0
              minimum: 0
              resourceType: string
    clusterIpv4Cidr: string
    clusterTelemetry:
        type: string
    confidentialNodes:
        enabled: false
    controlPlaneEndpointsConfig:
        dnsEndpointConfig:
            # NOTE(review): presumably governs whether the DNS-based control plane
            # endpoint is reachable from outside Google Cloud -- confirm in the
            # property reference before enabling.
            allowExternalTraffic: false
            endpoint: string
    costManagementConfig:
        enabled: false
    # NOTE(review): keyName presumably names a Cloud KMS key and state selects
    # whether encryption is applied; the reference on this page only says
    # "Structure is documented below" -- confirm there.
    databaseEncryption:
        keyName: string
        state: string
    # Documented default is LEGACY_DATAPATH; ADVANCED_DATAPATH enables Dataplane v2.
    datapathProvider: string
    defaultMaxPodsPerNode: 0
    defaultSnatStatus:
        disabled: false
    # On provider 5.0.0+ this must be explicitly set to false and written to state
    # with `pulumi up` before the cluster can be destroyed.
    deletionProtection: false
    description: string
    dnsConfig:
        additiveVpcScopeDnsDomain: string
        clusterDns: string
        clusterDnsDomain: string
        clusterDnsScope: string
    enableAutopilot: false
    enableCiliumClusterwideNetworkPolicy: false
    enableFqdnNetworkPolicy: false
    enableIntranodeVisibility: false
    enableK8sBetaApis:
        enabledApis:
            - string
    # Per the property reference: a cluster with alpha features enabled cannot be
    # upgraded and is automatically deleted after 30 days.
    enableKubernetesAlpha: false
    enableL4IlbSubsetting: false
    # Per the property reference: with the ABAC authorizer enabled, identities
    # (service accounts, nodes, controllers) hold statically granted permissions
    # beyond those provided by RBAC or IAM. Documented default is false.
    enableLegacyAbac: false
    enableMultiNetworking: false
    # Placeholder only: the documented default for this field is true.
    enableShieldedNodes: false
    enableTpu: false
    enterpriseConfig:
        clusterTier: string
        desiredTier: string
    fleet:
        membership: string
        membershipId: string
        membershipLocation: string
        preRegistered: false
        project: string
    gatewayApiConfig:
        channel: string
    identityServiceConfig:
        enabled: false
    initialNodeCount: 0
    ipAllocationPolicy:
        additionalPodRangesConfig:
            podRangeNames:
                - string
        clusterIpv4CidrBlock: string
        clusterSecondaryRangeName: string
        podCidrOverprovisionConfig:
            disabled: false
        servicesIpv4CidrBlock: string
        servicesSecondaryRangeName: string
        stackType: string
    location: string
    loggingConfig:
        enableComponents:
            - string
    # Documented default is logging.googleapis.com/kubernetes; `none` is also an
    # accepted value, so review any override for loss of cluster log coverage.
    loggingService: string
    maintenancePolicy:
        dailyMaintenanceWindow:
            duration: string
            startTime: string
        maintenanceExclusions:
            - endTime: string
              exclusionName: string
              exclusionOptions:
                scope: string
              startTime: string
        recurringWindow:
            endTime: string
            recurrence: string
            startTime: string
    # Authentication material for the Kubernetes control plane. This page warns
    # that all arguments and attributes, certificate outputs included, are stored
    # in the raw state as plaintext, so the state backend needs the same protection
    # as cluster credentials.
    masterAuth:
        clientCertificate: string
        clientCertificateConfig:
            issueClientCertificate: false
        clientKey: string
        clusterCaCertificate: string
    # NOTE(review): presumably the CIDR allowlist for reaching the control plane;
    # confirm the meaning of the two boolean flags in the property reference.
    masterAuthorizedNetworksConfig:
        cidrBlocks:
            - cidrBlock: string
              displayName: string
        gcpPublicCidrsAccessEnabled: false
        privateEndpointEnforcementEnabled: false
    meshCertificates:
        enableCertificates: false
    minMasterVersion: string
    monitoringConfig:
        advancedDatapathObservabilityConfig:
            enableMetrics: false
            enableRelay: false
        enableComponents:
            - string
        managedPrometheus:
            autoMonitoringConfig:
                scope: string
            enabled: false
    monitoringService: string
    name: string
    network: string
    networkPolicy:
        enabled: false
        provider: string
    networkingMode: string
    # Node configuration of the constructor reference skeleton. All values are
    # type placeholders (string / false / 0), not defaults or recommendations.
    nodeConfig:
        advancedMachineFeatures:
            enableNestedVirtualization: false
            threadsPerCore: 0
        bootDiskKmsKey: string
        confidentialNodes:
            enabled: false
        containerdConfig:
            privateRegistryAccessConfig:
                certificateAuthorityDomainConfigs:
                    - fqdns:
                        - string
                      gcpSecretManagerCertificateConfig:
                        # A Secret Manager URI, i.e. a reference to the CA
                        # certificate rather than the certificate itself.
                        secretUri: string
                enabled: false
        diskSizeGb: 0
        diskType: string
        effectiveTaints:
            - effect: string
              key: string
              value: string
        enableConfidentialStorage: false
        ephemeralStorageConfig:
            localSsdCount: 0
        ephemeralStorageLocalSsdConfig:
            localSsdCount: 0
        fastSocket:
            enabled: false
        gcfsConfig:
            enabled: false
        guestAccelerators:
            - count: 0
              gpuDriverInstallationConfig:
                gpuDriverVersion: string
              gpuPartitionSize: string
              gpuSharingConfig:
                gpuSharingStrategy: string
                maxSharedClientsPerGpu: 0
              type: string
        gvnic:
            enabled: false
        hostMaintenancePolicy:
            maintenanceInterval: string
        imageType: string
        kubeletConfig:
            # Sysctls listed here are ones the field name itself calls unsafe;
            # review each entry before allowing it on shared nodes.
            allowedUnsafeSysctls:
                - string
            containerLogMaxFiles: 0
            containerLogMaxSize: string
            cpuCfsQuota: false
            cpuCfsQuotaPeriod: string
            cpuManagerPolicy: string
            imageGcHighThresholdPercent: 0
            imageGcLowThresholdPercent: 0
            imageMaximumGcAge: string
            imageMinimumGcAge: string
            # Typed as a string in this skeleton, not a boolean.
            # NOTE(review): confirm the accepted values in the property reference;
            # the field controls a kubelet port that its own name labels insecure.
            insecureKubeletReadonlyPortEnabled: string
            podPidsLimit: 0
        labels:
            string: string
        linuxNodeConfig:
            cgroupMode: string
            hugepagesConfig:
                hugepageSize1g: 0
                hugepageSize2m: 0
            sysctls:
                string: string
        localNvmeSsdBlockConfig:
            localSsdCount: 0
        localSsdCount: 0
        localSsdEncryptionMode: string
        loggingVariant: string
        machineType: string
        maxRunDuration: string
        # This page warns that all arguments are stored in state as plaintext, so
        # instance metadata set here is not a place for secrets.
        metadata:
            string: string
        minCpuPlatform: string
        nodeGroup: string
        # Node identity: oauthScopes and serviceAccount (below) together decide
        # which Google APIs workloads on the node can reach. The recommended
        # example on this page creates a dedicated service account for its nodes.
        oauthScopes:
            - string
        preemptible: false
        reservationAffinity:
            consumeReservationType: string
            key: string
            values:
                - string
        resourceLabels:
            string: string
        resourceManagerTags:
            string: string
        sandboxConfig:
            sandboxType: string
        secondaryBootDisks:
            - diskImage: string
              mode: string
        serviceAccount: string
        # Boot integrity settings; `false` here is a type placeholder, not advice
        # to turn Secure Boot or integrity monitoring off.
        shieldedInstanceConfig:
            enableIntegrityMonitoring: false
            enableSecureBoot: false
        soleTenantConfig:
            nodeAffinities:
                - key: string
                  operator: string
                  values:
                    - string
        spot: false
        storagePools:
            - string
        tags:
            - string
        taints:
            - effect: string
              key: string
              value: string
        # NOTE(review): presumably selects how pods see the node's metadata server;
        # confirm the allowed modes in the property reference.
        workloadMetadataConfig:
            mode: string
    # Cluster-wide node location and node pool defaults in the constructor
    # reference skeleton. All values are type placeholders, not defaults.
    nodeLocations:
        - string
    nodePoolAutoConfig:
        linuxNodeConfig:
            cgroupMode: string
        networkTags:
            tags:
                - string
        nodeKubeletConfig:
            # Typed as a string, not a boolean.
            # NOTE(review): confirm accepted values in the property reference.
            insecureKubeletReadonlyPortEnabled: string
        resourceManagerTags:
            string: string
    nodePoolDefaults:
        nodeConfigDefaults:
            containerdConfig:
                privateRegistryAccessConfig:
                    certificateAuthorityDomainConfigs:
                        - fqdns:
                            - string
                          gcpSecretManagerCertificateConfig:
                            secretUri: string
                    enabled: false
            gcfsConfig:
                enabled: false
            # The same field appears under nodePoolAutoConfig and under each
            # kubeletConfig; presumably this is the default that per-pool values
            # override -- TODO confirm precedence.
            insecureKubeletReadonlyPortEnabled: string
            loggingVariant: string
    # Inline node pool list of the constructor reference skeleton. All values are
    # type placeholders (string / false / 0), not defaults or recommendations.
    # The recommended example on this page manages node pools as separate
    # gcp.container.NodePool resources instead of declaring them inline here.
    nodePools:
        - autoscaling:
            locationPolicy: string
            maxNodeCount: 0
            minNodeCount: 0
            totalMaxNodeCount: 0
            totalMinNodeCount: 0
          initialNodeCount: 0
          instanceGroupUrls:
            - string
          managedInstanceGroupUrls:
            - string
          # autoRepair / autoUpgrade are shown as `false` only as type
          # placeholders; pick the values deliberately for each pool.
          management:
            autoRepair: false
            autoUpgrade: false
          maxPodsPerNode: 0
          name: string
          namePrefix: string
          networkConfig:
            additionalNodeNetworkConfigs:
                - network: string
                  subnetwork: string
            additionalPodNetworkConfigs:
                - maxPodsPerNode: 0
                  secondaryPodRange: string
                  subnetwork: string
            createPodRange: false
            # NOTE(review): presumably decides whether this pool's nodes get only
            # internal IP addresses -- confirm in the property reference.
            enablePrivateNodes: false
            networkPerformanceConfig:
                totalEgressBandwidthTier: string
            podCidrOverprovisionConfig:
                disabled: false
            podIpv4CidrBlock: string
            podRange: string
          nodeConfig:
            advancedMachineFeatures:
                enableNestedVirtualization: false
                threadsPerCore: 0
            bootDiskKmsKey: string
            confidentialNodes:
                enabled: false
            containerdConfig:
                privateRegistryAccessConfig:
                    certificateAuthorityDomainConfigs:
                        - fqdns:
                            - string
                          gcpSecretManagerCertificateConfig:
                            secretUri: string
                    enabled: false
            diskSizeGb: 0
            diskType: string
            effectiveTaints:
                - effect: string
                  key: string
                  value: string
            enableConfidentialStorage: false
            ephemeralStorageConfig:
                localSsdCount: 0
            ephemeralStorageLocalSsdConfig:
                localSsdCount: 0
            fastSocket:
                enabled: false
            gcfsConfig:
                enabled: false
            guestAccelerators:
                - count: 0
                  gpuDriverInstallationConfig:
                    gpuDriverVersion: string
                  gpuPartitionSize: string
                  gpuSharingConfig:
                    gpuSharingStrategy: string
                    maxSharedClientsPerGpu: 0
                  type: string
            gvnic:
                enabled: false
            hostMaintenancePolicy:
                maintenanceInterval: string
            imageType: string
            kubeletConfig:
                # Sysctls the field name itself calls unsafe; review each entry.
                allowedUnsafeSysctls:
                    - string
                containerLogMaxFiles: 0
                containerLogMaxSize: string
                cpuCfsQuota: false
                cpuCfsQuotaPeriod: string
                cpuManagerPolicy: string
                imageGcHighThresholdPercent: 0
                imageGcLowThresholdPercent: 0
                imageMaximumGcAge: string
                imageMinimumGcAge: string
                # Typed as a string, not a boolean.
                # NOTE(review): confirm accepted values in the property reference.
                insecureKubeletReadonlyPortEnabled: string
                podPidsLimit: 0
            labels:
                string: string
            linuxNodeConfig:
                cgroupMode: string
                hugepagesConfig:
                    hugepageSize1g: 0
                    hugepageSize2m: 0
                sysctls:
                    string: string
            localNvmeSsdBlockConfig:
                localSsdCount: 0
            localSsdCount: 0
            localSsdEncryptionMode: string
            loggingVariant: string
            machineType: string
            maxRunDuration: string
            # Stored in state as plaintext like every other argument on this
            # resource; not a place for secrets.
            metadata:
                string: string
            minCpuPlatform: string
            nodeGroup: string
            # oauthScopes and serviceAccount (below) define the node identity
            # that workloads on this pool can use against Google APIs.
            oauthScopes:
                - string
            preemptible: false
            reservationAffinity:
                consumeReservationType: string
                key: string
                values:
                    - string
            resourceLabels:
                string: string
            resourceManagerTags:
                string: string
            sandboxConfig:
                sandboxType: string
            secondaryBootDisks:
                - diskImage: string
                  mode: string
            serviceAccount: string
            # `false` is a type placeholder, not advice to disable these.
            shieldedInstanceConfig:
                enableIntegrityMonitoring: false
                enableSecureBoot: false
            soleTenantConfig:
                nodeAffinities:
                    - key: string
                      operator: string
                      values:
                        - string
            spot: false
            storagePools:
                - string
            tags:
                - string
            taints:
                - effect: string
                  key: string
                  value: string
            workloadMetadataConfig:
                mode: string
          nodeCount: 0
          nodeLocations:
            - string
          placementPolicy:
            policyName: string
            tpuTopology: string
            type: string
          queuedProvisioning:
            enabled: false
          upgradeSettings:
            blueGreenSettings:
                nodePoolSoakDuration: string
                standardRolloutPolicy:
                    batchNodeCount: 0
                    batchPercentage: 0
                    batchSoakDuration: string
            maxSurge: 0
            maxUnavailable: 0
            strategy: string
          version: string
    # Remaining cluster-level fields of the constructor reference skeleton. All
    # values are type placeholders (string / false / 0), not defaults.
    nodeVersion: string
    notificationConfig:
        pubsub:
            enabled: false
            filter:
                eventTypes:
                    - string
            topic: string
    # NOTE(review): PodSecurityPolicy was removed from Kubernetes in v1.25;
    # confirm this block still applies to the targeted cluster version.
    podSecurityPolicyConfig:
        enabled: false
    # NOTE(review): enablePrivateEndpoint / enablePrivateNodes presumably decide
    # whether the control plane endpoint and the nodes are reachable on public
    # addresses; the `false` values are placeholders -- choose the exposure
    # deliberately and confirm semantics in the property reference.
    privateClusterConfig:
        enablePrivateEndpoint: false
        enablePrivateNodes: false
        masterGlobalAccessConfig:
            enabled: false
        masterIpv4CidrBlock: string
        peeringName: string
        privateEndpoint: string
        privateEndpointSubnetwork: string
        publicEndpoint: string
    privateIpv6GoogleAccess: string
    project: string
    protectConfig:
        workloadConfig:
            auditMode: string
        workloadVulnerabilityMode: string
    releaseChannel:
        channel: string
    # The recommended example on this page sets this to true and attaches a
    # separately managed gcp.container.NodePool.
    removeDefaultNodePool: false
    resourceLabels:
        string: string
    resourceUsageExportConfig:
        bigqueryDestination:
            datasetId: string
        enableNetworkEgressMetering: false
        enableResourceConsumptionMetering: false
    secretManagerConfig:
        enabled: false
    securityPostureConfig:
        mode: string
        vulnerabilityMode: string
    serviceExternalIpsConfig:
        enabled: false
    subnetwork: string
    tpuConfig:
        enabled: false
        ipv4CidrBlock: string
        useServiceNetworking: false
    # NOTE(review): these fields look like references to user-managed CAs and
    # keys. Because this page warns that every argument is stored in state as
    # plaintext, confirm they take resource names rather than key material.
    userManagedKeysConfig:
        aggregationCa: string
        clusterCa: string
        controlPlaneDiskEncryptionKey: string
        etcdApiCa: string
        etcdPeerCa: string
        gkeopsEtcdBackupEncryptionKey: string
        serviceAccountSigningKeys:
            - string
        serviceAccountVerificationKeys:
            - string
    verticalPodAutoscaling:
        enabled: false
    workloadAltsConfig:
        enableAlts: false
    workloadIdentityConfig:
        workloadPool: string
Cluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Cluster resource accepts the following input properties:
- AddonsConfig ClusterAddons Config 
- The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
- Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- AuthenticatorGroups ClusterConfig Authenticator Groups Config 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- 
ClusterBinary Authorization 
- Configuration options for the Binary Authorization feature. Structure is documented below.
- ClusterAutoscaling ClusterCluster Autoscaling 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- ClusterIpv4Cidr string
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- ClusterTelemetry ClusterClusterTelemetry
- Configuration for the ClusterTelemetry feature. Structure is documented below.
- ConfidentialNodes ClusterConfidentialNodes
- Configuration for the Confidential Nodes feature. Structure is documented below.
- ControlPlane ClusterEndpoints Config Control Plane Endpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- CostManagement ClusterConfig Cost Management Config 
- Configuration for the Cost Allocation feature. Structure is documented below.
- DatabaseEncryption ClusterDatabase Encryption 
- Structure is documented below.
- DatapathProvider string
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- DefaultMax intPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- DefaultSnat ClusterStatus Default Snat Status 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- DeletionProtection bool
- Description string
- Description of the cluster.
- DnsConfig ClusterDns Config 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- EnableAutopilot bool
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- EnableCilium boolClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- EnableFqdnNetworkPolicy bool
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster guide for more information.
- EnableIntranodeVisibility bool
- Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- EnableK8s ClusterBeta Apis Enable K8s Beta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- EnableKubernetes boolAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- EnableL4Ilb boolSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- EnableMulti boolNetworking 
- Whether multi-networking is enabled for this cluster.
- EnableShielded boolNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- EnableTpu bool
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- EnterpriseConfig ClusterEnterpriseConfig
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. - The - `default_snat_status` block supports
- Fleet
ClusterFleet 
- Fleet configuration for the cluster. Structure is documented below.
- GatewayApi ClusterConfig Gateway Api Config 
- Configuration for GKE Gateway API controller. Structure is documented below.
- IdentityService ClusterConfig Identity Service Config 
- . Structure is documented below.
- InitialNodeCount int
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
- IpAllocation ClusterPolicy Ip Allocation Policy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- Location string
- The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- LoggingConfig ClusterLogging Config 
- Logging configuration for the cluster. Structure is documented below.
- LoggingService string
- The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
- MaintenancePolicy ClusterMaintenance Policy 
- The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuth
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
- The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- MeshCertificates ClusterMesh Certificates 
- Structure is documented below.
- MinMasterVersion string
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- MonitoringConfig ClusterMonitoring Config 
- Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
- The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
- Name string
- The name of the cluster, unique within the project and
location.
- Network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- NetworkPolicy ClusterNetwork Policy 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- NetworkingMode string
- Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
- NodeConfig ClusterNode Config 
- Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- NodeLocations List<string>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- NodePool ClusterAuto Config Node Pool Auto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- NodePool ClusterDefaults Node Pool Defaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- NodePools List<ClusterNode Pool> 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- NodeVersion string
- The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
- NotificationConfig ClusterNotification Config 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- PodSecurity ClusterPolicy Config Pod Security Policy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- PrivateCluster ClusterConfig Private Cluster Config 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- PrivateIpv6Google stringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- ProtectConfig ClusterProtect Config 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- ReleaseChannel ClusterRelease Channel 
- Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See "Selecting a new release channel" for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
- RemoveDefaultNodePool bool
- If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
- ResourceLabels Dictionary<string, string>
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- ResourceUsage ClusterExport Config Resource Usage Export Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- SecretManager ClusterConfig Secret Manager Config 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- SecurityPosture ClusterConfig Security Posture Config 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- ServiceExternal ClusterIps Config Service External Ips Config 
- Structure is documented below.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- TpuConfig ClusterTpu Config 
- TPU configuration for the cluster.
- UserManaged ClusterKeys Config User Managed Keys Config 
- The custom keys configuration of the cluster.
- VerticalPod ClusterAutoscaling Vertical Pod Autoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadAlts ClusterConfig Workload Alts Config 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- WorkloadIdentity ClusterConfig Workload Identity Config 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- AddonsConfig ClusterAddons Config Args 
- The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
- Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
- AuthenticatorGroups ClusterConfig Authenticator Groups Config Args 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- BinaryAuthorization ClusterBinaryAuthorizationArgs
- Configuration options for the Binary Authorization feature. Structure is documented below.
- ClusterAutoscaling ClusterCluster Autoscaling Args 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- ClusterIpv4Cidr string
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
- ClusterTelemetry ClusterCluster Telemetry Args 
- Configuration for ClusterTelemetry feature, Structure is documented below.
- ConfidentialNodes ClusterConfidential Nodes Args 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ControlPlane ClusterEndpoints Config Control Plane Endpoints Config Args 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- CostManagement ClusterConfig Cost Management Config Args 
- Configuration for the Cost Allocation feature. Structure is documented below.
- DatabaseEncryption ClusterDatabase Encryption Args 
- Structure is documented below.
- DatapathProvider string
- The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
- DefaultMax intPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- DefaultSnat ClusterStatus Default Snat Status Args 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- DeletionProtection bool
- Description string
- Description of the cluster.
- DnsConfig ClusterDns Config Args 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- EnableAutopilot bool
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- EnableCilium boolClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- EnableFqdnNetworkPolicy bool
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- EnableIntranodeVisibility bool
- Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- EnableK8s ClusterBeta Apis Enable K8s Beta Apis Args 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- EnableKubernetes boolAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- EnableL4Ilb boolSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
- EnableMulti boolNetworking 
- Whether multi-networking is enabled for this cluster.
- EnableShielded boolNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- EnableTpu bool
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- EnterpriseConfig ClusterEnterpriseConfigArgs
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The default_snat_status block supports
- Fleet
ClusterFleet Args 
- Fleet configuration for the cluster. Structure is documented below.
- GatewayApi ClusterConfig Gateway Api Config Args 
- Configuration for GKE Gateway API controller. Structure is documented below.
- IdentityService ClusterConfig Identity Service Config Args 
- . Structure is documented below.
- InitialNodeCount int
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
- IpAllocation ClusterPolicy Ip Allocation Policy Args 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- Location string
- The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- LoggingConfig ClusterLogging Config Args 
- Logging configuration for the cluster. Structure is documented below.
- LoggingService string
- The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
- MaintenancePolicy ClusterMaintenance Policy Args 
- The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuthArgs
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
- The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- MeshCertificates ClusterMesh Certificates Args 
- Structure is documented below.
- MinMasterVersion string
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- MonitoringConfig ClusterMonitoring Config Args 
- Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
- The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
- Name string
- The name of the cluster, unique within the project and
location.
- Network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- NetworkPolicy ClusterNetwork Policy Args 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- NetworkingMode string
- Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
- NodeConfig ClusterNode Config Args 
- Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- NodeLocations []string
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- NodePool ClusterAuto Config Node Pool Auto Config Args 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- NodePool ClusterDefaults Node Pool Defaults Args 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- NodePools []ClusterNode Pool Args 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- NodeVersion string
- The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
- NotificationConfig ClusterNotification Config Args 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- PodSecurity ClusterPolicy Config Pod Security Policy Config Args 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- PrivateCluster ClusterConfig Private Cluster Config Args 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- PrivateIpv6Google stringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- ProtectConfig ClusterProtect Config Args 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- ReleaseChannel ClusterRelease Channel Args 
- Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See "Selecting a new release channel" for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
- RemoveDefaultNodePool bool
- If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
- ResourceLabels map[string]string
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- ResourceUsage ClusterExport Config Resource Usage Export Config Args 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- SecretManager ClusterConfig Secret Manager Config Args 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- SecurityPosture ClusterConfig Security Posture Config Args 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- ServiceExternal ClusterIps Config Service External Ips Config Args 
- Structure is documented below.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- TpuConfig ClusterTpu Config Args 
- TPU configuration for the cluster.
- UserManaged ClusterKeys Config User Managed Keys Config Args 
- The custom keys configuration of the cluster.
- VerticalPod ClusterAutoscaling Vertical Pod Autoscaling Args 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadAlts ClusterConfig Workload Alts Config Args 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- WorkloadIdentity ClusterConfig Workload Identity Config Args 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addonsConfig ClusterAddons Config 
- The configuration for addons supported by GKE. Structure is documented below.
- allowNetAdmin Boolean
- Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
- authenticatorGroups ClusterConfig Authenticator Groups Config 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization ClusterBinaryAuthorization
- Configuration options for the Binary Authorization feature. Structure is documented below.
- clusterAutoscaling ClusterCluster Autoscaling 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- clusterIpv4Cidr String
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
- clusterTelemetry ClusterCluster Telemetry 
- Configuration for ClusterTelemetry feature, Structure is documented below.
- confidentialNodes ClusterConfidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- controlPlane ClusterEndpoints Config Control Plane Endpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- costManagement ClusterConfig Cost Management Config 
- Configuration for the Cost Allocation feature. Structure is documented below.
- databaseEncryption ClusterDatabase Encryption 
- Structure is documented below.
- datapathProvider String
- The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
- defaultMax IntegerPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- defaultSnat ClusterStatus Default Snat Status 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- deletionProtection Boolean
- description String
- Description of the cluster.
- dnsConfig ClusterDns Config 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enableAutopilot Boolean
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableCilium BooleanClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enableFqdnNetworkPolicy Boolean
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enableIntranodeVisibility Boolean
- Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- enableK8s ClusterBeta Apis Enable K8s Beta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetes BooleanAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enableL4Ilb BooleanSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac Boolean
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
- enableMulti BooleanNetworking 
- Whether multi-networking is enabled for this cluster.
- enableShielded BooleanNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enableTpu Boolean
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- enterpriseConfig ClusterEnterpriseConfig
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The default_snat_status block supports
- fleet
ClusterFleet 
- Fleet configuration for the cluster. Structure is documented below.
- gatewayApi ClusterConfig Gateway Api Config 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identityService ClusterConfig Identity Service Config 
- . Structure is documented below.
- initialNodeCount Integer
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
- ipAllocation ClusterPolicy Ip Allocation Policy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- location String
- The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- loggingConfig ClusterLogging Config 
- Logging configuration for the cluster. Structure is documented below.
- loggingService String
- The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenancePolicy ClusterMaintenance Policy 
- The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMaster Auth 
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig
ClusterMaster Authorized Networks Config
- The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- meshCertificates ClusterMesh Certificates 
- Structure is documented below.
- minMaster StringVersion 
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful; it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` data source with a regional cluster, ensure that you have provided a `location` to the data source. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoringConfig ClusterMonitoring Config 
- Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
- The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
- The name of the cluster, unique within the project and
location.
- network String
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- networkPolicy ClusterNetwork Policy 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode String
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- nodeConfig ClusterNode Config 
- Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a `gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeLocations List<String>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- nodePool ClusterAuto Config Node Pool Auto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- nodePool ClusterDefaults Node Pool Defaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- nodePools List<ClusterNode Pool> 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- nodeVersion String
- The Kubernetes version on the nodes. Must either be unset or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE, which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions, as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notificationConfig ClusterNotification Config 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- podSecurity ClusterPolicy Config Pod Security Policy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateCluster ClusterConfig Private Cluster Config 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6Google StringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig ClusterProtect Config 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- releaseChannel ClusterRelease Channel 
- Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the `gcp.container.getEngineVersions` data source can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefault BooleanNode Pool 
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resourceLabels Map<String,String>
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- resourceUsage ClusterExport Config Resource Usage Export Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secretManager ClusterConfig Secret Manager Config 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- securityPosture ClusterConfig Security Posture Config 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- serviceExternal ClusterIps Config Service External Ips Config 
- Structure is documented below.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpuConfig ClusterTpu Config 
- TPU configuration for the cluster.
- userManaged ClusterKeys Config User Managed Keys Config 
- The custom keys configuration of the cluster.
- verticalPod ClusterAutoscaling Vertical Pod Autoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadAlts ClusterConfig Workload Alts Config 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workloadIdentity ClusterConfig Workload Identity Config 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addonsConfig ClusterAddons Config 
- The configuration for addons supported by GKE. Structure is documented below.
- allowNet booleanAdmin 
- Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticatorGroups ClusterConfig Authenticator Groups Config 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization
ClusterBinary Authorization
- Configuration options for the Binary Authorization feature. Structure is documented below.
- clusterAutoscaling ClusterCluster Autoscaling 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- clusterIpv4Cidr string
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- clusterTelemetry ClusterCluster Telemetry 
- Configuration for ClusterTelemetry feature, Structure is documented below.
- confidentialNodes ClusterConfidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- controlPlane ClusterEndpoints Config Control Plane Endpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- costManagement ClusterConfig Cost Management Config 
- Configuration for the Cost Allocation feature. Structure is documented below.
- databaseEncryption ClusterDatabase Encryption 
- Structure is documented below.
- datapathProvider string
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- defaultMax numberPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- defaultSnat ClusterStatus Default Snat Status 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- deletionProtection boolean
- description string
- Description of the cluster.
- dnsConfig ClusterDns Config 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enableAutopilot boolean
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableCilium booleanClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enableFqdn booleanNetwork Policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See Enable FQDN Network Policy in an existing cluster for more information.
- enableIntranode booleanVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- enableK8s ClusterBeta Apis Enable K8s Beta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetes booleanAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enableL4Ilb booleanSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacy booleanAbac 
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM, so RBAC and IAM policy alone will not describe what those identities can do. Defaults to `false`.
- enableMulti booleanNetworking 
- Whether multi-networking is enabled for this cluster.
- enableShielded booleanNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enableTpu boolean
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- enterpriseConfig ClusterEnterprise Config 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below.
- fleet
ClusterFleet 
- Fleet configuration for the cluster. Structure is documented below.
- gatewayApi ClusterConfig Gateway Api Config 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identityService ClusterConfig Identity Service Config 
- Identity Service configuration for the cluster. Structure is documented below.
- initialNode numberCount 
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ipAllocation ClusterPolicy Ip Allocation Policy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- location string
- The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- loggingConfig ClusterLogging Config 
- Logging configuration for the cluster. Structure is documented below.
- loggingService string
- The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenancePolicy ClusterMaintenance Policy 
- The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMaster Auth 
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig
ClusterMaster Authorized Networks Config
- The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- meshCertificates ClusterMesh Certificates 
- Structure is documented below.
- minMaster stringVersion 
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful; it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` data source with a regional cluster, ensure that you have provided a `location` to the data source. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoringConfig ClusterMonitoring Config 
- Monitoring configuration for the cluster. Structure is documented below.
- monitoringService string
- The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name string
- The name of the cluster, unique within the project and
location.
- network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- networkPolicy ClusterNetwork Policy 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode string
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- nodeConfig ClusterNode Config 
- Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a `gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeLocations string[]
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- nodePool ClusterAuto Config Node Pool Auto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- nodePool ClusterDefaults Node Pool Defaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- nodePools ClusterNode Pool[] 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- nodeVersion string
- The Kubernetes version on the nodes. Must either be unset or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE, which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions, as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notificationConfig ClusterNotification Config 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- podSecurity ClusterPolicy Config Pod Security Policy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateCluster ClusterConfig Private Cluster Config 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6Google stringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig ClusterProtect Config 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- releaseChannel ClusterRelease Channel 
- Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the `gcp.container.getEngineVersions` data source can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefault booleanNode Pool 
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resourceLabels {[key: string]: string}
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- resourceUsage ClusterExport Config Resource Usage Export Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secretManager ClusterConfig Secret Manager Config 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- securityPosture ClusterConfig Security Posture Config 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- serviceExternal ClusterIps Config Service External Ips Config 
- Structure is documented below.
- subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpuConfig ClusterTpu Config 
- TPU configuration for the cluster.
- userManaged ClusterKeys Config User Managed Keys Config 
- The custom keys configuration of the cluster.
- verticalPod ClusterAutoscaling Vertical Pod Autoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadAlts ClusterConfig Workload Alts Config 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workloadIdentity ClusterConfig Workload Identity Config 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons_config ClusterAddons Config Args 
- The configuration for addons supported by GKE. Structure is documented below.
- allow_net_ booladmin 
- Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticator_groups_ Clusterconfig Authenticator Groups Config Args 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binary_authorization
ClusterBinary Authorization Args
- Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster_autoscaling ClusterCluster Autoscaling Args 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster_ipv4_ strcidr 
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- cluster_telemetry ClusterCluster Telemetry Args 
- Configuration for ClusterTelemetry feature, Structure is documented below.
- confidential_nodes ClusterConfidential Nodes Args 
- Configuration for Confidential Nodes feature. Structure is documented below.
- control_plane_ Clusterendpoints_ config Control Plane Endpoints Config Args 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- cost_management_ Clusterconfig Cost Management Config Args 
- Configuration for the Cost Allocation feature. Structure is documented below.
- database_encryption ClusterDatabase Encryption Args 
- Structure is documented below.
- datapath_provider str
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- default_max_ intpods_ per_ node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default_snat_ Clusterstatus Default Snat Status Args 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- deletion_protection bool
- description str
- Description of the cluster.
- dns_config ClusterDns Config Args 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable_autopilot bool
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enable_cilium_ boolclusterwide_ network_ policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enable_fqdn_ boolnetwork_ policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See Enable FQDN Network Policy in an existing cluster for more information.
- enable_intranode_ boolvisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- enable_k8s_ Clusterbeta_ apis Enable K8s Beta Apis Args 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable_kubernetes_ boolalpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable_l4_ boolilb_ subsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enable_legacy_ boolabac 
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM, so RBAC and IAM policy alone will not describe what those identities can do. Defaults to `false`.
- enable_multi_ boolnetworking 
- Whether multi-networking is enabled for this cluster.
- enable_shielded_ boolnodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enable_tpu bool
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- enterprise_config ClusterEnterprise Config Args 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below.
- fleet
ClusterFleet Args 
- Fleet configuration for the cluster. Structure is documented below.
- gateway_api_ Clusterconfig Gateway Api Config Args 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identity_service_ Clusterconfig Identity Service Config Args 
- Identity Service configuration for the cluster. Structure is documented below.
- initial_node_ intcount 
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ip_allocation_ Clusterpolicy Ip Allocation Policy Args 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- location str
- The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- logging_config ClusterLogging Config Args 
- Logging configuration for the cluster. Structure is documented below.
- logging_service str
- The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenance_policy ClusterMaintenance Policy Args 
- The maintenance policy to use for the cluster. Structure is documented below.
- master_auth ClusterMaster Auth Args 
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- master_authorized_networks_config
ClusterMaster Authorized Networks Config Args
- The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- mesh_certificates ClusterMesh Certificates Args 
- Structure is documented below.
- min_master_version str
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` data source with a regional cluster, ensure that you have provided a `location` to the data source. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoring_config ClusterMonitoring Config Args 
- Monitoring configuration for the cluster. Structure is documented below.
- monitoring_service str
- The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name str
- The name of the cluster, unique within the project and
location.
- network str
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network_policy ClusterNetwork Policy Args 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking_mode str
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- node_config ClusterNode Config Args 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- node_locations Sequence[str]
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node_pool_ Clusterauto_ config Node Pool Auto Config Args 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node_pool_ Clusterdefaults Node Pool Defaults Args 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node_pools Sequence[ClusterNode Pool Args] 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node_version str
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notification_config ClusterNotification Config Args 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- pod_security_ Clusterpolicy_ config Pod Security Policy Config Args 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private_cluster_ Clusterconfig Private Cluster Config Args 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private_ipv6_ strgoogle_ access 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect_config ClusterProtect Config Args 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- release_channel ClusterRelease Channel Args 
- Configuration options for the Release channel
feature, which provide more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` data source can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- remove_default_node_pool bool
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resource_labels Mapping[str, str]
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource.
- resource_usage_ Clusterexport_ config Resource Usage Export Config Args 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secret_manager_ Clusterconfig Secret Manager Config Args 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- security_posture_ Clusterconfig Security Posture Config Args 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- service_external_ Clusterips_ config Service External Ips Config Args 
- Structure is documented below.
- subnetwork str
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu_config ClusterTpu Config Args 
- TPU configuration for the cluster.
- user_managed_ Clusterkeys_ config User Managed Keys Config Args 
- The custom keys configuration of the cluster.
- vertical_pod_ Clusterautoscaling Vertical Pod Autoscaling Args 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload_alts_ Clusterconfig Workload Alts Config Args 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workload_identity_ Clusterconfig Workload Identity Config Args 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addonsConfig Property Map
- The configuration for addons supported by GKE. Structure is documented below.
- allowNet BooleanAdmin 
- Enable NET_ADMIN for the cluster. Defaults to
`false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticatorGroups Property MapConfig 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization Property Map
- Configuration options for the Binary Authorization feature. Structure is documented below.
- clusterAutoscaling Property Map
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- clusterIpv4Cidr String
- The IP address range of the Kubernetes pods
in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- clusterTelemetry Property Map
- Configuration for the ClusterTelemetry feature. Structure is documented below.
- confidentialNodes Property Map
- Configuration for the Confidential Nodes feature. Structure is documented below.
- controlPlane Property MapEndpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- costManagement Property MapConfig 
- Configuration for the Cost Allocation feature. Structure is documented below.
- databaseEncryption Property Map
- Structure is documented below.
- datapathProvider String
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- defaultMax NumberPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- defaultSnat Property MapStatus 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- deletionProtection Boolean
- description String
- Description of the cluster.
- dnsConfig Property Map
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enableAutopilot Boolean
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableCilium BooleanClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enableFqdn BooleanNetwork Policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enableIntranode BooleanVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enableK8s Property MapBeta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetes BooleanAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enableL4Ilb BooleanSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacy BooleanAbac 
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- enableMulti BooleanNetworking 
- Whether multi-networking is enabled for this cluster.
- enableShielded BooleanNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enableTpu Boolean
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- enterpriseConfig Property Map
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below.
- fleet Property Map
- Fleet configuration for the cluster. Structure is documented below.
- gatewayApi Property MapConfig 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identityService Property MapConfig 
- . Structure is documented below.
- initialNode NumberCount 
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ipAllocation Property MapPolicy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- location String
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- loggingConfig Property Map
- Logging configuration for the cluster. Structure is documented below.
- loggingService String
- The logging service that the cluster should
write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenancePolicy Property Map
- The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth Property Map
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. As with every argument and attribute of this resource, these values (including certificate outputs) are stored in the raw state as plaintext. Structure is documented below.
- masterAuthorizedNetworksConfig Property Map
- The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- meshCertificates Property Map
- Structure is documented below.
- minMasterVersion String
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` data source with a regional cluster, ensure that you have provided a `location` to the data source. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoringConfig Property Map
- Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
- The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
- The name of the cluster, unique within the project and
location.
- network String
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- networkPolicy Property Map
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode String
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- nodeConfig Property Map
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeLocations List<String>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- nodePool Property MapAuto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- nodePool Property MapDefaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- nodePools List<Property Map>
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- nodeVersion String
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notificationConfig Property Map
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- podSecurity Property MapPolicy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateCluster Property MapConfig 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6Google StringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig Property Map
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- releaseChannel Property Map
- Configuration options for the Release channel
feature, which provide more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` data source can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefaultNodePool Boolean
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resourceLabels Map<String>
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource.
- resourceUsage Property MapExport Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secretManager Property MapConfig 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- securityPosture Property MapConfig 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- serviceExternal Property MapIps Config 
- Structure is documented below.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpuConfig Property Map
- TPU configuration for the cluster.
- userManaged Property MapKeys Config 
- The custom keys configuration of the cluster.
- verticalPod Property MapAutoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadAlts Property MapConfig 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workloadIdentity Property MapConfig 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:
- EffectiveLabels Dictionary<string, string>
- All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Endpoint string
- The IP address of this cluster's Kubernetes master.
- Id string
- The provider-assigned unique ID for this managed resource.
- LabelFingerprint string
- The fingerprint of the set of labels for this cluster.
- MasterVersion string
- The current version of the master in the cluster. This may be different than the `min_master_version` set in the config if the master has been updated by GKE.
- Operation string
- PulumiLabels Dictionary<string, string>
- The combination of labels configured directly on the resource and default labels configured on the provider.
- SelfLink string
- The server-defined URL for the resource.
- ServicesIpv4Cidr string
- The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- TpuIpv4Cidr stringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- EffectiveLabels map[string]string
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Endpoint string
- The IP address of this cluster's Kubernetes master.
- Id string
- The provider-assigned unique ID for this managed resource.
- LabelFingerprint string
- The fingerprint of the set of labels for this cluster.
- MasterVersion string
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- Operation string
- PulumiLabels map[string]string
- The combination of labels configured directly on the resource and default labels configured on the provider.
- SelfLink string
- The server-defined URL for the resource.
- ServicesIpv4Cidr string
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- TpuIpv4Cidr stringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- effectiveLabels Map<String,String>
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- endpoint String
- The IP address of this cluster's Kubernetes master.
- id String
- The provider-assigned unique ID for this managed resource.
- labelFingerprint String
- The fingerprint of the set of labels for this cluster.
- masterVersion String
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- operation String
- pulumiLabels Map<String,String>
- The combination of labels configured directly on the resource and default labels configured on the provider.
- selfLink String
- The server-defined URL for the resource.
- servicesIpv4Cidr String
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- tpuIpv4Cidr StringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- effectiveLabels {[key: string]: string}
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- endpoint string
- The IP address of this cluster's Kubernetes master.
- id string
- The provider-assigned unique ID for this managed resource.
- labelFingerprint string
- The fingerprint of the set of labels for this cluster.
- masterVersion string
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- operation string
- pulumiLabels {[key: string]: string}
- The combination of labels configured directly on the resource and default labels configured on the provider.
- selfLink string
- The server-defined URL for the resource.
- servicesIpv4Cidr string
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- tpuIpv4Cidr stringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- effective_labels Mapping[str, str]
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- endpoint str
- The IP address of this cluster's Kubernetes master.
- id str
- The provider-assigned unique ID for this managed resource.
- label_fingerprint str
- The fingerprint of the set of labels for this cluster.
- master_version str
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- operation str
- pulumi_labels Mapping[str, str]
- The combination of labels configured directly on the resource and default labels configured on the provider.
- self_link str
- The server-defined URL for the resource.
- services_ipv4_ strcidr 
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- tpu_ipv4_ strcidr_ block 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- effectiveLabels Map<String>
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- endpoint String
- The IP address of this cluster's Kubernetes master.
- id String
- The provider-assigned unique ID for this managed resource.
- labelFingerprint String
- The fingerprint of the set of labels for this cluster.
- masterVersion String
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- operation String
- pulumiLabels Map<String>
- The combination of labels configured directly on the resource and default labels configured on the provider.
- selfLink String
- The server-defined URL for the resource.
- servicesIpv4Cidr String
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- tpuIpv4Cidr StringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
Look up Existing Cluster Resource
Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        addons_config: Optional[ClusterAddonsConfigArgs] = None,
        allow_net_admin: Optional[bool] = None,
        authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
        binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
        cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
        cluster_ipv4_cidr: Optional[str] = None,
        cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
        confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
        control_plane_endpoints_config: Optional[ClusterControlPlaneEndpointsConfigArgs] = None,
        cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
        database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
        datapath_provider: Optional[str] = None,
        default_max_pods_per_node: Optional[int] = None,
        default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
        deletion_protection: Optional[bool] = None,
        description: Optional[str] = None,
        dns_config: Optional[ClusterDnsConfigArgs] = None,
        effective_labels: Optional[Mapping[str, str]] = None,
        enable_autopilot: Optional[bool] = None,
        enable_cilium_clusterwide_network_policy: Optional[bool] = None,
        enable_fqdn_network_policy: Optional[bool] = None,
        enable_intranode_visibility: Optional[bool] = None,
        enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
        enable_kubernetes_alpha: Optional[bool] = None,
        enable_l4_ilb_subsetting: Optional[bool] = None,
        enable_legacy_abac: Optional[bool] = None,
        enable_multi_networking: Optional[bool] = None,
        enable_shielded_nodes: Optional[bool] = None,
        enable_tpu: Optional[bool] = None,
        endpoint: Optional[str] = None,
        enterprise_config: Optional[ClusterEnterpriseConfigArgs] = None,
        fleet: Optional[ClusterFleetArgs] = None,
        gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
        identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
        initial_node_count: Optional[int] = None,
        ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
        label_fingerprint: Optional[str] = None,
        location: Optional[str] = None,
        logging_config: Optional[ClusterLoggingConfigArgs] = None,
        logging_service: Optional[str] = None,
        maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
        master_auth: Optional[ClusterMasterAuthArgs] = None,
        master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
        master_version: Optional[str] = None,
        mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
        min_master_version: Optional[str] = None,
        monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
        monitoring_service: Optional[str] = None,
        name: Optional[str] = None,
        network: Optional[str] = None,
        network_policy: Optional[ClusterNetworkPolicyArgs] = None,
        networking_mode: Optional[str] = None,
        node_config: Optional[ClusterNodeConfigArgs] = None,
        node_locations: Optional[Sequence[str]] = None,
        node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
        node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
        node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
        node_version: Optional[str] = None,
        notification_config: Optional[ClusterNotificationConfigArgs] = None,
        operation: Optional[str] = None,
        pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
        private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
        private_ipv6_google_access: Optional[str] = None,
        project: Optional[str] = None,
        protect_config: Optional[ClusterProtectConfigArgs] = None,
        pulumi_labels: Optional[Mapping[str, str]] = None,
        release_channel: Optional[ClusterReleaseChannelArgs] = None,
        remove_default_node_pool: Optional[bool] = None,
        resource_labels: Optional[Mapping[str, str]] = None,
        resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
        secret_manager_config: Optional[ClusterSecretManagerConfigArgs] = None,
        security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
        self_link: Optional[str] = None,
        service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
        services_ipv4_cidr: Optional[str] = None,
        subnetwork: Optional[str] = None,
        tpu_config: Optional[ClusterTpuConfigArgs] = None,
        tpu_ipv4_cidr_block: Optional[str] = None,
        user_managed_keys_config: Optional[ClusterUserManagedKeysConfigArgs] = None,
        vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
        workload_alts_config: Optional[ClusterWorkloadAltsConfigArgs] = None,
        workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None) -> Cluster
func GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)
public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)
public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)
resources:
  _:
    type: gcp:container:Cluster
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AddonsConfig ClusterAddons Config 
- The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
- Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- AuthenticatorGroups ClusterConfig Authenticator Groups Config 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- BinaryAuthorization ClusterBinaryAuthorization
- Configuration options for the Binary Authorization feature. Structure is documented below.
- ClusterAutoscaling ClusterCluster Autoscaling 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- ClusterIpv4Cidr string
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- ClusterTelemetry ClusterCluster Telemetry 
- Configuration for ClusterTelemetry feature, Structure is documented below.
- ConfidentialNodes ClusterConfidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ControlPlane ClusterEndpoints Config Control Plane Endpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- CostManagement ClusterConfig Cost Management Config 
- Configuration for the Cost Allocation feature. Structure is documented below.
- DatabaseEncryption ClusterDatabase Encryption 
- Structure is documented below.
- DatapathProvider string
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- DefaultMax intPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- DefaultSnat ClusterStatus Default Snat Status 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- DeletionProtection bool
- Description string
- Description of the cluster.
- DnsConfig ClusterDns Config 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- EffectiveLabels Dictionary<string, string>
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- EnableAutopilot bool
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- EnableCilium boolClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- EnableFqdn boolNetwork Policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
- EnableIntranode boolVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- EnableK8s ClusterBeta Apis Enable K8s Beta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- EnableKubernetes boolAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- EnableL4Ilb boolSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`. Those extra grants are not governed by RBAC or IAM policy, so leave this at its default unless a legacy workload requires ABAC.
- EnableMulti boolNetworking 
- Whether multi-networking is enabled for this cluster.
- EnableShielded boolNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- EnableTpu bool
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- Endpoint string
- The IP address of this cluster's Kubernetes master.
- EnterpriseConfig ClusterEnterprise Config 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The `default_snat_status` block supports
- Fleet
ClusterFleet 
- Fleet configuration for the cluster. Structure is documented below.
- GatewayApi ClusterConfig Gateway Api Config 
- Configuration for GKE Gateway API controller. Structure is documented below.
- IdentityService ClusterConfig Identity Service Config 
- . Structure is documented below.
- InitialNodeCount int
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- IpAllocation ClusterPolicy Ip Allocation Policy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- LabelFingerprint string
- The fingerprint of the set of labels for this cluster.
- Location string
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
- LoggingConfig ClusterLogging Config 
- Logging configuration for the cluster. Structure is documented below.
- LoggingService string
- The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- MaintenancePolicy ClusterMaintenance Policy 
- The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuth
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
- The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- MasterVersion string
- The current version of the master in the cluster. This may be different than the `min_master_version` set in the config if the master has been updated by GKE.
- MeshCertificates ClusterMesh Certificates 
- Structure is documented below.
- MinMasterVersion string
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version -- use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- MonitoringConfig ClusterMonitoring Config 
- Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
- The monitoring service that the cluster
should write metrics to.
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting
Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- Name string
- The name of the cluster, unique within the project and
location.
- Network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- NetworkPolicy ClusterNetwork Policy 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- NetworkingMode string
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- NodeConfig ClusterNode Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a `gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- NodeLocations List<string>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- NodePool ClusterAuto Config Node Pool Auto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- NodePool ClusterDefaults Node Pool Defaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- NodePools List<ClusterNode Pool> 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- NodeVersion string
- The Kubernetes version on the nodes. Must either be unset or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- NotificationConfig ClusterNotification Config 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- Operation string
- PodSecurity ClusterPolicy Config Pod Security Policy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- PrivateCluster ClusterConfig Private Cluster Config 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- PrivateIpv6Google stringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- ProtectConfig ClusterProtect Config 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- PulumiLabels Dictionary<string, string>
- The combination of labels configured directly on the resource and default labels configured on the provider.
- ReleaseChannel ClusterRelease Channel 
- Configuration options for the Release channel
feature, which provide more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` datasource can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- RemoveDefaultNodePool bool
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- ResourceLabels Dictionary<string, string>
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- ResourceUsage ClusterExport Config Resource Usage Export Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- SecretManager ClusterConfig Secret Manager Config 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- SecurityPosture ClusterConfig Security Posture Config 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- SelfLink string
- The server-defined URL for the resource.
- ServiceExternal ClusterIps Config Service External Ips Config 
- Structure is documented below.
- ServicesIpv4Cidr string
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last/16from the container CIDR.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- TpuConfig ClusterTpu Config 
- TPU configuration for the cluster.
- TpuIpv4Cidr stringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- UserManaged ClusterKeys Config User Managed Keys Config 
- The custom keys configuration of the cluster.
- VerticalPod ClusterAutoscaling Vertical Pod Autoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadAlts ClusterConfig Workload Alts Config 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- WorkloadIdentity ClusterConfig Workload Identity Config 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- AddonsConfig ClusterAddons Config Args 
- The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
- Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- AuthenticatorGroups ClusterConfig Authenticator Groups Config Args 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- BinaryAuthorization ClusterBinaryAuthorizationArgs
- Configuration options for the Binary Authorization feature. Structure is documented below.
- ClusterAutoscaling ClusterCluster Autoscaling Args 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- ClusterIpv4Cidr string
- The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- ClusterTelemetry ClusterCluster Telemetry Args 
- Configuration for ClusterTelemetry feature, Structure is documented below.
- ConfidentialNodes ClusterConfidential Nodes Args 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ControlPlane ClusterEndpoints Config Control Plane Endpoints Config Args 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- CostManagement ClusterConfig Cost Management Config Args 
- Configuration for the Cost Allocation feature. Structure is documented below.
- DatabaseEncryption ClusterDatabase Encryption Args 
- Structure is documented below.
- DatapathProvider string
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- DefaultMax intPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- DefaultSnat ClusterStatus Default Snat Status Args 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- DeletionProtection bool
- Description string
- Description of the cluster.
- DnsConfig ClusterDns Config Args 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- EffectiveLabels map[string]string
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- EnableAutopilot bool
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- EnableCilium boolClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- EnableFqdn boolNetwork Policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
- EnableIntranode boolVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- EnableK8s ClusterBeta Apis Enable K8s Beta Apis Args 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- EnableKubernetes boolAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- EnableL4Ilb boolSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
- Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`. Those extra grants are not governed by RBAC or IAM policy, so leave this at its default unless a legacy workload requires ABAC.
- EnableMulti boolNetworking 
- Whether multi-networking is enabled for this cluster.
- EnableShielded boolNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- EnableTpu bool
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- Endpoint string
- The IP address of this cluster's Kubernetes master.
- EnterpriseConfig ClusterEnterprise Config Args 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The `default_snat_status` block supports
- Fleet
ClusterFleet Args 
- Fleet configuration for the cluster. Structure is documented below.
- GatewayApi ClusterConfig Gateway Api Config Args 
- Configuration for GKE Gateway API controller. Structure is documented below.
- IdentityService ClusterConfig Identity Service Config Args 
- . Structure is documented below.
- InitialNode intCount 
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if node_poolis not set. If you're usinggcp.container.NodePoolobjects with no default node pool, you'll need to set this to a value of at least1, alongside settingremove_default_node_pooltotrue.
- IpAllocation ClusterPolicy Ip Allocation Policy Args 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- LabelFingerprint string
- The fingerprint of the set of labels for this cluster.
- Location string
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
- LoggingConfig ClusterLogging Config Args 
- Logging configuration for the cluster. Structure is documented below.
- LoggingService string
- The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- MaintenancePolicy ClusterMaintenance Policy Args 
- The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuthArgs
- The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
- The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- MasterVersion string
- The current version of the master in the cluster. This may be different than the `min_master_version` set in the config if the master has been updated by GKE.
- MeshCertificates ClusterMesh Certificates Args 
- Structure is documented below.
- MinMaster stringVersion 
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only - master_versionfield to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the- gcp.container.getEngineVersionsdata source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.- If you are using the - gcp.container.getEngineVersionsdatasource with a regional cluster, ensure that you have provided a- locationto the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- MonitoringConfig ClusterMonitoring Config Args 
- Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
- The monitoring service that the cluster
should write metrics to.
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting.
Available options include
`monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- Name string
- The name of the cluster, unique within the project and
location.
- Network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- NetworkPolicy ClusterNetwork Policy Args 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- NetworkingMode string
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- NodeConfig ClusterNode Config Args 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- NodeLocations []string
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- NodePool ClusterAuto Config Node Pool Auto Config Args 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- NodePool ClusterDefaults Node Pool Defaults Args 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- NodePools []ClusterNode Pool Args 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- NodeVersion string
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE, which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions, as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- NotificationConfig ClusterNotification Config Args 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- Operation string
- PodSecurity ClusterPolicy Config Pod Security Policy Config Args 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- PrivateCluster ClusterConfig Private Cluster Config Args 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- PrivateIpv6Google stringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- ProtectConfig ClusterProtect Config Args 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- PulumiLabels map[string]string
- The combination of labels configured directly on the resource and default labels configured on the provider.
- ReleaseChannel ClusterRelease Channel Args 
- Configuration options for the Release channel
feature, which provides more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` data source can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- RemoveDefault boolNode Pool 
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- ResourceLabels map[string]string
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource.
- ResourceUsage ClusterExport Config Resource Usage Export Config Args 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- SecretManager ClusterConfig Secret Manager Config Args 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- SecurityPosture ClusterConfig Security Posture Config Args 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- SelfLink string
- The server-defined URL for the resource.
- ServiceExternal ClusterIps Config Service External Ips Config Args 
- Structure is documented below.
- ServicesIpv4Cidr string
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- TpuConfig ClusterTpu Config Args 
- TPU configuration for the cluster.
- TpuIpv4Cidr stringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- UserManaged ClusterKeys Config User Managed Keys Config Args 
- The custom keys configuration of the cluster.
- VerticalPod ClusterAutoscaling Vertical Pod Autoscaling Args 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadAlts ClusterConfig Workload Alts Config Args 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- WorkloadIdentity ClusterConfig Workload Identity Config Args 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addonsConfig ClusterAddons Config 
- The configuration for addons supported by GKE. Structure is documented below.
- allowNet BooleanAdmin 
- Enable NET_ADMIN for the cluster. Defaults to
`false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticatorGroups ClusterConfig Authenticator Groups Config 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization ClusterBinaryAuthorization
- Configuration options for the Binary Authorization feature. Structure is documented below.
- clusterAutoscaling ClusterCluster Autoscaling 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- clusterIpv4Cidr String
- The IP address range of the Kubernetes pods
in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- clusterTelemetry ClusterCluster Telemetry 
- Configuration for the ClusterTelemetry feature. Structure is documented below.
- confidentialNodes ClusterConfidential Nodes 
- Configuration for the Confidential Nodes feature. Structure is documented below.
- controlPlane ClusterEndpoints Config Control Plane Endpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- costManagement ClusterConfig Cost Management Config 
- Configuration for the Cost Allocation feature. Structure is documented below.
- databaseEncryption ClusterDatabase Encryption 
- Structure is documented below.
- datapathProvider String
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- defaultMax IntegerPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- defaultSnat ClusterStatus Default Snat Status 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.
- deletionProtection Boolean
- description String
- Description of the cluster.
- dnsConfig ClusterDns Config 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- effectiveLabels Map<String,String>
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- enableAutopilot Boolean
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableCilium BooleanClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enableFqdn BooleanNetwork Policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enableIntranode BooleanVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- enableK8s ClusterBeta Apis Enable K8s Beta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetes BooleanAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enableL4Ilb BooleanSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacy BooleanAbac 
- Whether the ABAC authorizer is enabled for this cluster.
When enabled, identities in the system, including service accounts, nodes, and controllers,
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
Defaults to `false`.
- enableMulti BooleanNetworking 
- Whether multi-networking is enabled for this cluster.
- enableShielded BooleanNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enableTpu Boolean
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint String
- The IP address of this cluster's Kubernetes master.
- enterpriseConfig ClusterEnterprise Config 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The `default_snat_status` block supports
- fleet
ClusterFleet 
- Fleet configuration for the cluster. Structure is documented below.
- gatewayApi ClusterConfig Gateway Api Config 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identityService ClusterConfig Identity Service Config 
- Structure is documented below.
- initialNode IntegerCount 
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ipAllocation ClusterPolicy Ip Allocation Policy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- labelFingerprint String
- The fingerprint of the set of labels for this cluster.
- location String
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- loggingConfig ClusterLogging Config 
- Logging configuration for the cluster. Structure is documented below.
- loggingService String
- The logging service that the cluster should
write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenancePolicy ClusterMaintenance Policy 
- The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMaster Auth 
- The authentication information for accessing the
Kubernetes master. Some values in this block are only returned by the API if
your service account has permission to get credentials for your GKE cluster. If
you see an unexpected diff unsetting your client cert, ensure you have the
`container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
- The desired
configuration options for master authorized networks. Omit the
nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- masterVersion String
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- meshCertificates ClusterMesh Certificates 
- Structure is documented below.
- minMaster StringVersion 
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful, as it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` data source with a regional cluster, ensure that you have provided a `location` to the data source. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoringConfig ClusterMonitoring Config 
- Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
- The monitoring service that the cluster
should write metrics to.
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting.
Available options include
`monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
- The name of the cluster, unique within the project and
location.
- network String
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- networkPolicy ClusterNetwork Policy 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode String
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- nodeConfig ClusterNode Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeLocations List<String>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- nodePool ClusterAuto Config Node Pool Auto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- nodePool ClusterDefaults Node Pool Defaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- nodePools List<ClusterNode Pool> 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- nodeVersion String
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE, which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions, as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notificationConfig ClusterNotification Config 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation String
- podSecurity ClusterPolicy Config Pod Security Policy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateCluster ClusterConfig Private Cluster Config 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6Google StringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig ClusterProtect Config 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- pulumiLabels Map<String,String>
- The combination of labels configured directly on the resource and default labels configured on the provider.
- releaseChannel ClusterRelease Channel 
- Configuration options for the Release channel
feature, which provides more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` data source can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefault BooleanNode Pool 
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resourceLabels Map<String,String>
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- resourceUsage ClusterExport Config Resource Usage Export Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secretManager ClusterConfig Secret Manager Config 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- securityPosture ClusterConfig Security Posture Config 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- selfLink String
- The server-defined URL for the resource.
- serviceExternal ClusterIps Config Service External Ips Config 
- Structure is documented below.
- servicesIpv4Cidr String
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpuConfig ClusterTpu Config 
- TPU configuration for the cluster.
- tpuIpv4Cidr StringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- userManaged ClusterKeys Config User Managed Keys Config 
- The custom keys configuration of the cluster.
- verticalPod ClusterAutoscaling Vertical Pod Autoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadAlts ClusterConfig Workload Alts Config 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workloadIdentity ClusterConfig Workload Identity Config 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addonsConfig ClusterAddons Config 
- The configuration for addons supported by GKE. Structure is documented below.
- allowNet booleanAdmin 
- Enable NET_ADMIN for the cluster. Defaults to
`false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticatorGroups ClusterConfig Authenticator Groups Config 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization ClusterBinaryAuthorization
- Configuration options for the Binary Authorization feature. Structure is documented below.
- clusterAutoscaling ClusterCluster Autoscaling 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- clusterIpv4Cidr string
- The IP address range of the Kubernetes pods
in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- clusterTelemetry ClusterCluster Telemetry 
- Configuration for the ClusterTelemetry feature. Structure is documented below.
- confidentialNodes ClusterConfidential Nodes 
- Configuration for the Confidential Nodes feature. Structure is documented below.
- controlPlane ClusterEndpoints Config Control Plane Endpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- costManagement ClusterConfig Cost Management Config 
- Configuration for the Cost Allocation feature. Structure is documented below.
- databaseEncryption ClusterDatabase Encryption 
- Structure is documented below.
- datapathProvider string
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- defaultMax numberPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- defaultSnat ClusterStatus Default Snat Status 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.
- deletionProtection boolean
- description string
- Description of the cluster.
- dnsConfig ClusterDns Config 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- effectiveLabels {[key: string]: string}
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- enableAutopilot boolean
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableCilium booleanClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enableFqdn booleanNetwork Policy 
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enableIntranode booleanVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- enableK8s ClusterBeta Apis Enable K8s Beta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetes booleanAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enableL4Ilb booleanSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacy booleanAbac 
- Whether the ABAC authorizer is enabled for this cluster.
When enabled, identities in the system, including service accounts, nodes, and controllers,
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
Defaults to `false`.
- enableMulti booleanNetworking 
- Whether multi-networking is enabled for this cluster.
- enableShielded booleanNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enableTpu boolean
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint string
- The IP address of this cluster's Kubernetes master.
- enterpriseConfig ClusterEnterprise Config 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The `default_snat_status` block supports
- fleet
ClusterFleet 
- Fleet configuration for the cluster. Structure is documented below.
- gatewayApi ClusterConfig Gateway Api Config 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identityService ClusterConfig Identity Service Config 
- Structure is documented below.
- initialNode numberCount 
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ipAllocation ClusterPolicy Ip Allocation Policy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- labelFingerprint string
- The fingerprint of the set of labels for this cluster.
- location string
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- loggingConfig ClusterLogging Config 
- Logging configuration for the cluster. Structure is documented below.
- loggingService string
- The logging service that the cluster should
write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenancePolicy ClusterMaintenance Policy 
- The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMaster Auth 
- The authentication information for accessing the
Kubernetes master. Some values in this block are only returned by the API if
your service account has permission to get credentials for your GKE cluster. If
you see an unexpected diff unsetting your client cert, ensure you have the
`container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
- The desired
configuration options for master authorized networks. Omit the
nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- masterVersion string
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- meshCertificates ClusterMesh Certificates 
- Structure is documented below.
- minMasterVersion string
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoringConfig ClusterMonitoring Config 
- Monitoring configuration for the cluster. Structure is documented below.
- monitoringService string
- The monitoring service that the cluster
should write metrics to.
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting.
Available options include
`monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name string
- The name of the cluster, unique within the project and
location.
- network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- networkPolicy ClusterNetwork Policy 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode string
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- nodeConfig ClusterNode Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeLocations string[]
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- nodePool ClusterAuto Config Node Pool Auto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- nodePool ClusterDefaults Node Pool Defaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- nodePools ClusterNode Pool[] 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- nodeVersion string
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notificationConfig ClusterNotification Config 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation string
- podSecurity ClusterPolicy Config Pod Security Policy Config 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateCluster ClusterConfig Private Cluster Config 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6Google stringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig ClusterProtect Config 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- pulumiLabels {[key: string]: string}
- The combination of labels configured directly on the resource and default labels configured on the provider.
- releaseChannel ClusterRelease Channel 
- Configuration options for the Release channel
feature, which provide more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` datasource can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefaultNodePool boolean
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resourceLabels {[key: string]: string}
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
- resourceUsage ClusterExport Config Resource Usage Export Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secretManager ClusterConfig Secret Manager Config 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- securityPosture ClusterConfig Security Posture Config 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- selfLink string
- The server-defined URL for the resource.
- serviceExternal ClusterIps Config Service External Ips Config 
- Structure is documented below.
- servicesIpv4Cidr string
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpuConfig ClusterTpu Config 
- TPU configuration for the cluster.
- tpuIpv4Cidr stringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- userManaged ClusterKeys Config User Managed Keys Config 
- The custom keys configuration of the cluster.
- verticalPod ClusterAutoscaling Vertical Pod Autoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadAlts ClusterConfig Workload Alts Config 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workloadIdentity ClusterConfig Workload Identity Config 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons_config ClusterAddons Config Args 
- The configuration for addons supported by GKE. Structure is documented below.
- allow_net_admin bool
- Enable NET_ADMIN for the cluster. Defaults to
`false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticator_groups_ Clusterconfig Authenticator Groups Config Args 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binary_authorization ClusterBinaryAuthorizationArgs
- Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster_autoscaling ClusterCluster Autoscaling Args 
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster_ipv4_cidr str
- The IP address range of the Kubernetes pods
in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- cluster_telemetry ClusterCluster Telemetry Args 
- Configuration for the ClusterTelemetry feature. Structure is documented below.
- confidential_nodes ClusterConfidential Nodes Args 
- Configuration for the Confidential Nodes feature. Structure is documented below.
- control_plane_ Clusterendpoints_ config Control Plane Endpoints Config Args 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- cost_management_ Clusterconfig Cost Management Config Args 
- Configuration for the Cost Allocation feature. Structure is documented below.
- database_encryption ClusterDatabase Encryption Args 
- Structure is documented below.
- datapath_provider str
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- default_max_ intpods_ per_ node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default_snat_ Clusterstatus Default Snat Status Args 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- deletion_protection bool
- description str
- Description of the cluster.
- dns_config ClusterDns Config Args 
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- effective_labels Mapping[str, str]
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- enable_autopilot bool
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enable_cilium_ boolclusterwide_ network_ policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enable_fqdn_network_policy bool
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enable_intranode_ boolvisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable_k8s_ Clusterbeta_ apis Enable K8s Beta Apis Args 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable_kubernetes_ boolalpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable_l4_ boolilb_ subsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enable_legacy_abac bool
- Whether the ABAC authorizer is enabled for this cluster.
When enabled, identities in the system, including service accounts, nodes, and controllers,
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
Defaults to false.
- enable_multi_ boolnetworking 
- Whether multi-networking is enabled for this cluster.
- enable_shielded_ boolnodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enable_tpu bool
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint str
- The IP address of this cluster's Kubernetes master.
- enterprise_config ClusterEnterprise Config Args 
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The `default_snat_status` block supports
- fleet
ClusterFleet Args 
- Fleet configuration for the cluster. Structure is documented below.
- gateway_api_ Clusterconfig Gateway Api Config Args 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identity_service_ Clusterconfig Identity Service Config Args 
- . Structure is documented below.
- initial_node_ intcount 
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ip_allocation_ Clusterpolicy Ip Allocation Policy Args 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- label_fingerprint str
- The fingerprint of the set of labels for this cluster.
- location str
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- logging_config ClusterLogging Config Args 
- Logging configuration for the cluster. Structure is documented below.
- logging_service str
- The logging service that the cluster should
write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenance_policy ClusterMaintenance Policy Args 
- The maintenance policy to use for the cluster. Structure is documented below.
- master_auth ClusterMaster Auth Args 
- The authentication information for accessing the
Kubernetes master. Some values in this block are only returned by the API if
your service account has permission to get credentials for your GKE cluster. If
you see an unexpected diff unsetting your client cert, ensure you have the
`container.clusters.getCredentials` permission. Like all attributes of this resource, the values returned here (including certificate outputs) are stored in state as plaintext, as noted at the top of this page. Structure is documented below.
- master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs
- The desired
configuration options for master authorized networks. Omit the
nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- master_version str
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- mesh_certificates ClusterMesh Certificates Args 
- Structure is documented below.
- min_master_version str
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoring_config ClusterMonitoring Config Args 
- Monitoring configuration for the cluster. Structure is documented below.
- monitoring_service str
- The monitoring service that the cluster
should write metrics to.
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting.
Available options include
`monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name str
- The name of the cluster, unique within the project and
location.
- network str
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network_policy ClusterNetwork Policy Args 
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking_mode str
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- node_config ClusterNode Config Args 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- node_locations Sequence[str]
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node_pool_ Clusterauto_ config Node Pool Auto Config Args 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node_pool_ Clusterdefaults Node Pool Defaults Args 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node_pools Sequence[ClusterNode Pool Args] 
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node_version str
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notification_config ClusterNotification Config Args 
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation str
- pod_security_ Clusterpolicy_ config Pod Security Policy Config Args 
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private_cluster_ Clusterconfig Private Cluster Config Args 
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private_ipv6_ strgoogle_ access 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect_config ClusterProtect Config Args 
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- pulumi_labels Mapping[str, str]
- The combination of labels configured directly on the resource and default labels configured on the provider.
- release_channel ClusterRelease Channel Args 
- Configuration options for the Release channel
feature, which provide more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` datasource can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- remove_default_node_pool bool
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resource_labels Mapping[str, str]
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
- resource_usage_ Clusterexport_ config Resource Usage Export Config Args 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secret_manager_ Clusterconfig Secret Manager Config Args 
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- security_posture_ Clusterconfig Security Posture Config Args 
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- self_link str
- The server-defined URL for the resource.
- service_external_ Clusterips_ config Service External Ips Config Args 
- Structure is documented below.
- services_ipv4_ strcidr 
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- subnetwork str
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu_config ClusterTpu Config Args 
- TPU configuration for the cluster.
- tpu_ipv4_ strcidr_ block 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- user_managed_ Clusterkeys_ config User Managed Keys Config Args 
- The custom keys configuration of the cluster.
- vertical_pod_ Clusterautoscaling Vertical Pod Autoscaling Args 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload_alts_ Clusterconfig Workload Alts Config Args 
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workload_identity_ Clusterconfig Workload Identity Config Args 
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addonsConfig Property Map
- The configuration for addons supported by GKE. Structure is documented below.
- allowNetAdmin Boolean
- Enable NET_ADMIN for the cluster. Defaults to
`false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticatorGroups Property MapConfig 
- Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization Property Map
- Configuration options for the Binary Authorization feature. Structure is documented below.
- clusterAutoscaling Property Map
- Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- clusterIpv4Cidr String
- The IP address range of the Kubernetes pods
in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will default a new cluster to routes-based, where `ip_allocation_policy` is not defined.
- clusterTelemetry Property Map
- Configuration for the ClusterTelemetry feature. Structure is documented below.
- confidentialNodes Property Map
- Configuration for the Confidential Nodes feature. Structure is documented below.
- controlPlane Property MapEndpoints Config 
- Configuration for all of the cluster's control plane endpoints. Structure is documented below.
- costManagement Property MapConfig 
- Configuration for the Cost Allocation feature. Structure is documented below.
- databaseEncryption Property Map
- Structure is documented below.
- datapathProvider String
- The desired datapath provider for this cluster. This is set to `LEGACY_DATAPATH` by default, which uses the IPTables-based kube-proxy implementation. Set to `ADVANCED_DATAPATH` to enable Dataplane v2.
- defaultMax NumberPods Per Node 
- The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- defaultSnat Property MapStatus 
- GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- deletionProtection Boolean
- description String
- Description of the cluster.
- dnsConfig Property Map
- Configuration for Using Cloud DNS for GKE. Structure is documented below.
- effectiveLabels Map<String>
- All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- enableAutopilot Boolean
- Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableCilium BooleanClusterwide Network Policy 
- Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false.
- enableFqdnNetworkPolicy Boolean
- Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enableIntranode BooleanVisibility 
- Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enableK8s Property MapBeta Apis 
- Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetes BooleanAlpha 
- Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enableL4Ilb BooleanSubsetting 
- Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac Boolean
- Whether the ABAC authorizer is enabled for this cluster.
When enabled, identities in the system, including service accounts, nodes, and controllers,
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
Defaults to false.
- enableMulti BooleanNetworking 
- Whether multi-networking is enabled for this cluster.
- enableShielded BooleanNodes 
- Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enableTpu Boolean
- Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint String
- The IP address of this cluster's Kubernetes master.
- enterpriseConfig Property Map
- Configuration for [Enterprise edition](https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. The `default_snat_status` block supports
- fleet Property Map
- Fleet configuration for the cluster. Structure is documented below.
- gatewayApi Property MapConfig 
- Configuration for GKE Gateway API controller. Structure is documented below.
- identityService Property MapConfig 
- . Structure is documented below.
- initialNode NumberCount 
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ipAllocation Property MapPolicy 
- Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
- labelFingerprint String
- The fingerprint of the set of labels for this cluster.
- location String
- The location (region or zone) in which the cluster
master will be created, as well as the default node location. If you specify a
zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- loggingConfig Property Map
- Logging configuration for the cluster. Structure is documented below.
- loggingService String
- The logging service that the cluster should
write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenancePolicy Property Map
- The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth Property Map
- The authentication information for accessing the
Kubernetes master. Some values in this block are only returned by the API if
your service account has permission to get credentials for your GKE cluster. If
you see an unexpected diff unsetting your client cert, ensure you have the
`container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig Property Map
- The desired
configuration options for master authorized networks. Omit the
nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- masterVersion String
- The current version of the master in the cluster. This may
be different than the `min_master_version` set in the config if the master has been updated by GKE.
- meshCertificates Property Map
- Structure is documented below.
- minMasterVersion String
- The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version; use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoringConfig Property Map
- Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
- The monitoring service that the cluster
should write metrics to.
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API.
VM metrics will be collected by Google Compute Engine regardless of this setting
Available options include
`monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
- The name of the cluster, unique within the project and
location.
- network String
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- networkPolicy Property Map
- Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode String
- Determines whether alias IPs or routes will be used for pod IPs in the cluster.
Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing. Newly created clusters will default to `VPC_NATIVE`.
- nodeConfig Property Map
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeLocations List<String>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- nodePool Property MapAuto Config 
- Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- nodePool Property MapDefaults 
- Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- nodePools List<Property Map>
- List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- nodeVersion String
- The Kubernetes version on the nodes. Must either be unset
or set to the same value as `min_master_version` on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the `gcp.container.getEngineVersions` data source's `version_prefix` field to approximate fuzzy versions. To update nodes in other node pools, use the `version` attribute on the node pool.
- notificationConfig Property Map
- Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation String
- podSecurityPolicyConfig Property Map
- Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateClusterConfig Property Map
- Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6Google StringAccess 
- The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig Property Map
- Enable/Disable Protect API features for the cluster. Structure is documented below.
- pulumiLabels Map<String>
- The combination of labels configured directly on the resource and default labels configured on the provider.
- releaseChannel Property Map
- Configuration options for the Release channel
feature, which provide more control over automatic upgrades of your GKE clusters.
When updating this field, GKE imposes specific version requirements. See
Selecting a new release channel
for more details; the `gcp.container.getEngineVersions` datasource can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefaultNodePool Boolean
- If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resourceLabels Map<String>
- The GCE resource labels (a map of key/value pairs) to be applied to the cluster. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource. 
- resourceUsage Property MapExport Config 
- Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- secretManagerConfig Property Map
- Configuration for the SecretManagerConfig feature. Structure is documented below.
- securityPostureConfig Property Map
- Enable/Disable Security Posture API features for the cluster. Structure is documented below.
- selfLink String
- The server-defined URL for the resource.
- serviceExternal Property MapIps Config 
- Structure is documented below.
- servicesIpv4Cidr String
- The IP address range of the Kubernetes services in this
cluster, in CIDR
notation (e.g. `1.2.3.4/29`). Service addresses are typically put in the last `/16` from the container CIDR.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpuConfig Property Map
- TPU configuration for the cluster.
- tpuIpv4Cidr StringBlock 
- The IP address range of the Cloud TPUs in this cluster, in
CIDR
notation (e.g. 1.2.3.4/29).
- userManagedKeysConfig Property Map
- The custom keys configuration of the cluster.
- verticalPod Property MapAutoscaling 
- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadAltsConfig Property Map
- Configuration for direct-path (via ALTS) with workload identity. Structure is documented below.
- workloadIdentityConfig Property Map
- Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
Supporting Types
ClusterAddonsConfig, ClusterAddonsConfigArgs      
- CloudrunConfig ClusterAddons Config Cloudrun Config 
- . Structure is documented below.
- ConfigConnector ClusterConfig Addons Config Config Connector Config 
- The status of the ConfigConnector addon. It is disabled by default; set `enabled = true` to enable.
- DnsCache ClusterConfig Addons Config Dns Cache Config 
- The status of the NodeLocal DNSCache addon. It is disabled by default. Set `enabled = true` to enable. Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- GcePersistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config 
- . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set - enabled = trueto enable.- Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later. 
- GcpFilestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config 
- The status of the Filestore CSI driver addon,
which allows the usage of filestore instance as volumes.
It is disabled by default; set enabled = trueto enable.
- GcsFuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config 
- The status of the GCSFuse CSI driver addon,
which allows the usage of a gcs bucket as volumes.
It is disabled by default for Standard clusters; set `enabled = true` to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set `enabled = true` to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
- GkeBackup ClusterAgent Config Addons Config Gke Backup Agent Config 
- .
The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = trueto enable.
- HorizontalPod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling 
- The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It is enabled by default;
set disabled = trueto disable.
- HttpLoad ClusterBalancing Addons Config Http Load Balancing 
- The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = trueto disable.
- IstioConfig ClusterAddons Config Istio Config 
- . Structure is documented below.
- KalmConfig ClusterAddons Config Kalm Config 
- .
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = trueto enable.
- NetworkPolicy ClusterConfig Addons Config Network Policy Config 
- Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- ParallelstoreCsi ClusterDriver Config Addons Config Parallelstore Csi Driver Config 
- The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set - enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set- enabled = trueto enable it explicitly. See Enable the Parallelstore CSI driver for more information.- This example - addons_configdisables two addons:
- RayOperator List<ClusterConfigs Addons Config Ray Operator Config> 
- The status of the Ray Operator addon. It is disabled by default. Set `enabled = true` to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000. Ray Operator config has optional subfields `ray_cluster_logging_config.enabled` and `ray_cluster_monitoring_config.enabled` which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.
- StatefulHa ClusterConfig Addons Config Stateful Ha Config 
- .
The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications.
It is disabled by default for Standard clusters. Set enabled = trueto enable.
- CloudrunConfig ClusterAddons Config Cloudrun Config 
- . Structure is documented below.
- ConfigConnector ClusterConfig Addons Config Config Connector Config 
- .
The status of the ConfigConnector addon. It is disabled by default; Set enabled = trueto enable.
- DnsCache ClusterConfig Addons Config Dns Cache Config 
- . The status of the NodeLocal DNSCache addon. It is disabled by default. Set - enabled = trueto enable.- Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated. 
- GcePersistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config 
- . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set - enabled = trueto enable.- Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later. 
- GcpFilestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config 
- The status of the Filestore CSI driver addon,
which allows the usage of filestore instance as volumes.
It is disabled by default; set enabled = trueto enable.
- GcsFuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config 
- The status of the GCSFuse CSI driver addon,
which allows the usage of a gcs bucket as volumes.
It is disabled by default for Standard clusters; set enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.24 or later; setenabled = trueto enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
- GkeBackup ClusterAgent Config Addons Config Gke Backup Agent Config 
- .
The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = trueto enable.
- HorizontalPod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling 
- The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It is enabled by default;
set disabled = trueto disable.
- HttpLoad ClusterBalancing Addons Config Http Load Balancing 
- The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = trueto disable.
- IstioConfig ClusterAddons Config Istio Config 
- . Structure is documented below.
- KalmConfig ClusterAddons Config Kalm Config 
- .
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = trueto enable.
- NetworkPolicy ClusterConfig Addons Config Network Policy Config 
- Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- ParallelstoreCsi ClusterDriver Config Addons Config Parallelstore Csi Driver Config 
- The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set - enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set- enabled = trueto enable it explicitly. See Enable the Parallelstore CSI driver for more information.- This example - addons_configdisables two addons:
- RayOperator []ClusterConfigs Addons Config Ray Operator Config 
- . The status of the Ray Operator addon. It is disabled by default. Set - enabled = trueto enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.- Ray Operator config has optional subfields - ray_cluster_logging_config.enabledand- ray_cluster_monitoring_config.enabledwhich control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.
- StatefulHa ClusterConfig Addons Config Stateful Ha Config 
- .
The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications.
It is disabled by default for Standard clusters. Set enabled = trueto enable.
- cloudrunConfig ClusterAddons Config Cloudrun Config 
- . Structure is documented below.
- configConnector ClusterConfig Addons Config Config Connector Config 
- .
The status of the ConfigConnector addon. It is disabled by default; Set enabled = trueto enable.
- dnsCache ClusterConfig Addons Config Dns Cache Config 
- . The status of the NodeLocal DNSCache addon. It is disabled by default. Set - enabled = trueto enable.- Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated. 
- gcePersistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config 
- . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set - enabled = trueto enable.- Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later. 
- gcpFilestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config 
- The status of the Filestore CSI driver addon,
which allows the usage of filestore instance as volumes.
It is disabled by default; set enabled = trueto enable.
- gcsFuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config 
- The status of the GCSFuse CSI driver addon,
which allows the usage of a gcs bucket as volumes.
It is disabled by default for Standard clusters; set enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.24 or later; setenabled = trueto enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
- gkeBackup ClusterAgent Config Addons Config Gke Backup Agent Config 
- .
The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = trueto enable.
- horizontalPod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling 
- The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It is enabled by default;
set disabled = trueto disable.
- httpLoad ClusterBalancing Addons Config Http Load Balancing 
- The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = trueto disable.
- istioConfig ClusterAddons Config Istio Config 
- . Structure is documented below.
- kalmConfig ClusterAddons Config Kalm Config 
- .
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = trueto enable.
- networkPolicy ClusterConfig Addons Config Network Policy Config 
- Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- parallelstoreCsi ClusterDriver Config Addons Config Parallelstore Csi Driver Config 
- The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set - enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set- enabled = trueto enable it explicitly. See Enable the Parallelstore CSI driver for more information.- This example - addons_configdisables two addons:
- rayOperator List<ClusterConfigs Addons Config Ray Operator Config> 
- . The status of the Ray Operator addon. It is disabled by default. Set - enabled = trueto enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.- Ray Operator config has optional subfields - ray_cluster_logging_config.enabledand- ray_cluster_monitoring_config.enabledwhich control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.
- statefulHa ClusterConfig Addons Config Stateful Ha Config 
- .
The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications.
It is disabled by default for Standard clusters. Set enabled = trueto enable.
- cloudrunConfig ClusterAddons Config Cloudrun Config 
- . Structure is documented below.
- configConnector ClusterConfig Addons Config Config Connector Config 
- .
The status of the ConfigConnector addon. It is disabled by default; Set enabled = trueto enable.
- dnsCache ClusterConfig Addons Config Dns Cache Config 
- . The status of the NodeLocal DNSCache addon. It is disabled by default. Set - enabled = trueto enable.- Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated. 
- gcePersistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config 
- . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set - enabled = trueto enable.- Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later. 
- gcpFilestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config 
- The status of the Filestore CSI driver addon,
which allows the usage of filestore instance as volumes.
It is disabled by default; set enabled = trueto enable.
- gcsFuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config 
- The status of the GCSFuse CSI driver addon,
which allows the usage of a gcs bucket as volumes.
It is disabled by default for Standard clusters; set enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.24 or later; setenabled = trueto enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
- gkeBackup ClusterAgent Config Addons Config Gke Backup Agent Config 
- .
The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = trueto enable.
- horizontalPod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling 
- The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It is enabled by default;
set disabled = trueto disable.
- httpLoad ClusterBalancing Addons Config Http Load Balancing 
- The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = trueto disable.
- istioConfig ClusterAddons Config Istio Config 
- . Structure is documented below.
- kalmConfig ClusterAddons Config Kalm Config 
- .
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = trueto enable.
- networkPolicy ClusterConfig Addons Config Network Policy Config 
- Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- parallelstoreCsi ClusterDriver Config Addons Config Parallelstore Csi Driver Config 
- The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set - enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set- enabled = trueto enable it explicitly. See Enable the Parallelstore CSI driver for more information.- This example - addons_configdisables two addons:
- rayOperator ClusterConfigs Addons Config Ray Operator Config[] 
- . The status of the Ray Operator addon. It is disabled by default. Set - enabled = trueto enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.- Ray Operator config has optional subfields - ray_cluster_logging_config.enabledand- ray_cluster_monitoring_config.enabledwhich control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.
- statefulHa ClusterConfig Addons Config Stateful Ha Config 
- .
The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications.
It is disabled by default for Standard clusters. Set enabled = trueto enable.
- cloudrun_config ClusterAddons Config Cloudrun Config 
- . Structure is documented below.
- config_connector_ Clusterconfig Addons Config Config Connector Config 
- .
The status of the ConfigConnector addon. It is disabled by default; Set enabled = trueto enable.
- dns_cache_ Clusterconfig Addons Config Dns Cache Config 
- . The status of the NodeLocal DNSCache addon. It is disabled by default. Set - enabled = trueto enable.- Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated. 
- gce_persistent_ Clusterdisk_ csi_ driver_ config Addons Config Gce Persistent Disk Csi Driver Config 
- . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set - enabled = trueto enable.- Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later. 
- gcp_filestore_ Clustercsi_ driver_ config Addons Config Gcp Filestore Csi Driver Config 
- The status of the Filestore CSI driver addon,
which allows the usage of filestore instance as volumes.
It is disabled by default; set enabled = trueto enable.
- gcs_fuse_ Clustercsi_ driver_ config Addons Config Gcs Fuse Csi Driver Config 
- The status of the GCSFuse CSI driver addon,
which allows the usage of a gcs bucket as volumes.
It is disabled by default for Standard clusters; set enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.24 or later; setenabled = trueto enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
- gke_backup_ Clusteragent_ config Addons Config Gke Backup Agent Config 
- .
The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = trueto enable.
- horizontal_pod_ Clusterautoscaling Addons Config Horizontal Pod Autoscaling 
- The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It is enabled by default;
set disabled = trueto disable.
- http_load_ Clusterbalancing Addons Config Http Load Balancing 
- The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = trueto disable.
- istio_config ClusterAddons Config Istio Config 
- . Structure is documented below.
- kalm_config ClusterAddons Config Kalm Config 
- .
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = trueto enable.
- network_policy_ Clusterconfig Addons Config Network Policy Config 
- Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- parallelstore_csi_ Clusterdriver_ config Addons Config Parallelstore Csi Driver Config 
- The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set - enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set- enabled = trueto enable it explicitly. See Enable the Parallelstore CSI driver for more information.- This example - addons_configdisables two addons:
- ray_operator_ Sequence[Clusterconfigs Addons Config Ray Operator Config] 
- . The status of the Ray Operator addon. It is disabled by default. Set - enabled = trueto enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000.- Ray Operator config has optional subfields - ray_cluster_logging_config.enabledand- ray_cluster_monitoring_config.enabledwhich control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.
- stateful_ha_ Clusterconfig Addons Config Stateful Ha Config 
- .
The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications.
It is disabled by default for Standard clusters. Set enabled = trueto enable.
- cloudrunConfig Property Map
- . Structure is documented below.
- configConnector Property MapConfig 
- .
The status of the ConfigConnector addon. It is disabled by default; Set enabled = trueto enable.
- dnsCache Property MapConfig 
- The status of the NodeLocal DNSCache addon. It is disabled by default. Set `enabled = true` to enable. Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- gcePersistent Property MapDisk Csi Driver Config 
- . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set - enabled = trueto enable.- Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later. 
- gcpFilestore Property MapCsi Driver Config 
- The status of the Filestore CSI driver addon,
which allows the usage of filestore instance as volumes.
It is disabled by default; set enabled = trueto enable.
- gcsFuse Property MapCsi Driver Config 
- The status of the GCSFuse CSI driver addon,
which allows the usage of a gcs bucket as volumes.
It is disabled by default for Standard clusters; set `enabled = true` to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set `enabled = true` to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
- gkeBackup Property MapAgent Config 
- .
The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = trueto enable.
- horizontalPod Property MapAutoscaling 
- The status of the Horizontal Pod Autoscaling
addon, which increases or decreases the number of replica pods a replication controller
has based on the resource usage of the existing pods.
It is enabled by default;
set disabled = trueto disable.
- httpLoad Property MapBalancing 
- The status of the HTTP (L7) load balancing
controller addon, which makes it easy to set up HTTP load balancers for services in a
cluster. It is enabled by default; set disabled = trueto disable.
- istioConfig Property Map
- . Structure is documented below.
- kalmConfig Property Map
- .
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set `enabled = true` to enable.
- networkPolicy Property MapConfig 
- Whether we should enable the network policy addon
for the master. This must be enabled in order to enable network policy for the nodes.
To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- parallelstoreCsi Property MapDriver Config 
- The status of the Parallelstore CSI driver addon, which allows the usage of a Parallelstore instances as volumes. It is disabled by default for Standard clusters; set - enabled = trueto enable. It is enabled by default for Autopilot clusters with version 1.29 or later; set- enabled = trueto enable it explicitly. See Enable the Parallelstore CSI driver for more information.- This example - addons_configdisables two addons:
- rayOperator List<Property Map>Configs 
- The status of the Ray Operator addon. It is disabled by default. Set `enabled = true` to enable. The minimum cluster version to enable Ray is 1.30.0-gke.1747000. Ray Operator config has optional subfields `ray_cluster_logging_config.enabled` and `ray_cluster_monitoring_config.enabled`, which control Ray Cluster logging and monitoring respectively. See Collect and view logs and metrics for Ray clusters on GKE for more information.
- statefulHa Property MapConfig 
- .
The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications.
It is disabled by default for Standard clusters. Set enabled = trueto enable.
ClusterAddonsConfigCloudrunConfig, ClusterAddonsConfigCloudrunConfigArgs          
- Disabled bool
- The status of the CloudRun addon. It is disabled by default. Set disabled=falseto enable.
- LoadBalancer stringType 
- The load balancer type of the CloudRun ingress service. It is an external load balancer by default.
Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- Disabled bool
- The status of the CloudRun addon. It is disabled by default. Set disabled=falseto enable.
- LoadBalancer stringType 
- The load balancer type of the CloudRun ingress service. It is an external load balancer by default.
Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled Boolean
- The status of the CloudRun addon. It is disabled by default. Set disabled=falseto enable.
- loadBalancer StringType 
- The load balancer type of the CloudRun ingress service. It is an external load balancer by default.
Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled boolean
- The status of the CloudRun addon. It is disabled by default. Set disabled=falseto enable.
- loadBalancer stringType 
- The load balancer type of the CloudRun ingress service. It is an external load balancer by default.
Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled bool
- The status of the CloudRun addon. It is disabled by default. Set disabled=falseto enable.
- load_balancer_ strtype 
- The load balancer type of the CloudRun ingress service. It is an external load balancer by default.
Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled Boolean
- The status of the CloudRun addon. It is disabled by default. Set disabled=falseto enable.
- loadBalancer StringType 
- The load balancer type of the CloudRun ingress service. It is an external load balancer by default.
Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
ClusterAddonsConfigConfigConnectorConfig, ClusterAddonsConfigConfigConnectorConfigArgs            
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigDnsCacheConfig, ClusterAddonsConfigDnsCacheConfigArgs            
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigGcePersistentDiskCsiDriverConfig, ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs                  
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigGcpFilestoreCsiDriverConfig, ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs                
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigGcsFuseCsiDriverConfig, ClusterAddonsConfigGcsFuseCsiDriverConfigArgs                
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigGkeBackupAgentConfig, ClusterAddonsConfigGkeBackupAgentConfigArgs              
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigHorizontalPodAutoscaling, ClusterAddonsConfigHorizontalPodAutoscalingArgs            
- Disabled bool
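- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the Horizontal Pod Autoscaling addon is enabled by default and `disabled = true` disables it.)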
- Disabled bool
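- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the Horizontal Pod Autoscaling addon is enabled by default and `disabled = true` disables it.)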
- disabled Boolean
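- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the Horizontal Pod Autoscaling addon is enabled by default and `disabled = true` disables it.)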
- disabled boolean
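- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the Horizontal Pod Autoscaling addon is enabled by default and `disabled = true` disables it.)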
- disabled bool
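- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the Horizontal Pod Autoscaling addon is enabled by default and `disabled = true` disables it.)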
- disabled Boolean
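- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the Horizontal Pod Autoscaling addon is enabled by default and `disabled = true` disables it.)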
ClusterAddonsConfigHttpLoadBalancing, ClusterAddonsConfigHttpLoadBalancingArgs            
- Disabled bool
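- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the HTTP (L7) load balancing addon is enabled by default and `disabled = true` disables it.)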
- Disabled bool
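- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the HTTP (L7) load balancing addon is enabled by default and `disabled = true` disables it.)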
- disabled Boolean
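- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the HTTP (L7) load balancing addon is enabled by default and `disabled = true` disables it.)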
- disabled boolean
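- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the HTTP (L7) load balancing addon is enabled by default and `disabled = true` disables it.)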
- disabled bool
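- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the HTTP (L7) load balancing addon is enabled by default and `disabled = true` disables it.)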
- disabled Boolean
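- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the HTTP (L7) load balancing addon is enabled by default and `disabled = true` disables it.)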
ClusterAddonsConfigIstioConfig, ClusterAddonsConfigIstioConfigArgs          
ClusterAddonsConfigKalmConfig, ClusterAddonsConfigKalmConfigArgs          
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigNetworkPolicyConfig, ClusterAddonsConfigNetworkPolicyConfigArgs            
- Disabled bool
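- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the network policy addon defaults to disabled, `disabled = false` enables it, and a `network_policy` block must also be defined for it to take effect.)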
- Disabled bool
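- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the network policy addon defaults to disabled, `disabled = false` enables it, and a `network_policy` block must also be defined for it to take effect.)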
- disabled Boolean
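- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the network policy addon defaults to disabled, `disabled = false` enables it, and a `network_policy` block must also be defined for it to take effect.)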
- disabled boolean
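- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the network policy addon defaults to disabled, `disabled = false` enables it, and a `network_policy` block must also be defined for it to take effect.)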
- disabled bool
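- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the network policy addon defaults to disabled, `disabled = false` enables it, and a `network_policy` block must also be defined for it to take effect.)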
- disabled Boolean
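- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. (This description appears to belong to the cluster's default sNAT status setting rather than to this addon; according to the `addons_config` reference on this page, the network policy addon defaults to disabled, `disabled = false` enables it, and a `network_policy` block must also be defined for it to take effect.)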
ClusterAddonsConfigParallelstoreCsiDriverConfig, ClusterAddonsConfigParallelstoreCsiDriverConfigArgs              
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigRayOperatorConfig, ClusterAddonsConfigRayOperatorConfigArgs            
- Enabled bool
- RayCluster ClusterLogging Config Addons Config Ray Operator Config Ray Cluster Logging Config 
- The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
- RayCluster ClusterMonitoring Config Addons Config Ray Operator Config Ray Cluster Monitoring Config 
- The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
- Enabled bool
- RayCluster ClusterLogging Config Addons Config Ray Operator Config Ray Cluster Logging Config 
- The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
- RayCluster ClusterMonitoring Config Addons Config Ray Operator Config Ray Cluster Monitoring Config 
- The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
- enabled Boolean
- rayCluster ClusterLogging Config Addons Config Ray Operator Config Ray Cluster Logging Config 
- The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
- rayCluster ClusterMonitoring Config Addons Config Ray Operator Config Ray Cluster Monitoring Config 
- The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
- enabled boolean
- rayCluster ClusterLogging Config Addons Config Ray Operator Config Ray Cluster Logging Config 
- The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
- rayCluster ClusterMonitoring Config Addons Config Ray Operator Config Ray Cluster Monitoring Config 
- The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
- enabled bool
- ray_cluster_ Clusterlogging_ config Addons Config Ray Operator Config Ray Cluster Logging Config 
- The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
- ray_cluster_ Clustermonitoring_ config Addons Config Ray Operator Config Ray Cluster Monitoring Config 
- The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
- enabled Boolean
- rayCluster Property MapLogging Config 
- The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.
- rayCluster Property MapMonitoring Config 
- The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.
ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfig, ClusterAddonsConfigRayOperatorConfigRayClusterLoggingConfigArgs                    
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfig, ClusterAddonsConfigRayOperatorConfigRayClusterMonitoringConfigArgs                    
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAddonsConfigStatefulHaConfig, ClusterAddonsConfigStatefulHaConfigArgs            
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClusterAuthenticatorGroupsConfig, ClusterAuthenticatorGroupsConfigArgs        
- SecurityGroup string
- The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
- SecurityGroup string
- The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
- securityGroup String
- The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
- securityGroup string
- The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
- security_group str
- The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
- securityGroup String
- The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
ClusterBinaryAuthorization, ClusterBinaryAuthorizationArgs      
- Enabled bool
- Enable Binary Authorization for this cluster.
- EvaluationMode string
- Mode of operation for Binary Authorization policy evaluation. Values accepted by the provider include `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`.
- Enabled bool
- Enable Binary Authorization for this cluster.
- EvaluationMode string
- Mode of operation for Binary Authorization policy evaluation. Values accepted by the provider include `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`.
- enabled Boolean
- Enable Binary Authorization for this cluster.
- evaluationMode String
- Mode of operation for Binary Authorization policy evaluation. Values accepted by the provider include `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`.
- enabled boolean
- Enable Binary Authorization for this cluster.
- evaluationMode string
- Mode of operation for Binary Authorization policy evaluation. Values accepted by the provider include `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`.
- enabled bool
- Enable Binary Authorization for this cluster.
- evaluation_mode str
- Mode of operation for Binary Authorization policy evaluation. Values accepted by the provider include `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`.
- enabled Boolean
- Enable Binary Authorization for this cluster.
- evaluationMode String
- Mode of operation for Binary Authorization policy evaluation. Values accepted by the provider include `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`.
ClusterClusterAutoscaling, ClusterClusterAutoscalingArgs      
- AutoProvisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults 
- Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- AutoProvisioning List<string>Locations 
- The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
- AutoscalingProfile string
- Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be `BALANCED` or `OPTIMIZE_UTILIZATION`. Defaults to `BALANCED`.
- Enabled bool
- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters; `true` is implied for Autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
- ResourceLimits List<ClusterCluster Autoscaling Resource Limit> 
- Global constraints for machine resources in the cluster. Configuring the `cpu` and `memory` types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- AutoProvisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults 
- Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- AutoProvisioning []stringLocations 
- The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
- AutoscalingProfile string
- Configuration
options for the Autoscaling profile
feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability
when deciding to remove nodes from a cluster. Can be BALANCEDorOPTIMIZE_UTILIZATION. Defaults toBALANCED.
- Enabled bool
- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, trueis implied for autopilot clusters. Resource limits forcpuandmemorymust be defined to enable node auto-provisioning for GKE Standard.
- ResourceLimits []ClusterCluster Autoscaling Resource Limit 
- Global constraints for machine resources in the
cluster. Configuring the cpuandmemorytypes is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- autoProvisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults 
- Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoProvisioning List<String>Locations 
- The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
- autoscalingProfile String
- Configuration
options for the Autoscaling profile
feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability
when deciding to remove nodes from a cluster. Can be BALANCEDorOPTIMIZE_UTILIZATION. Defaults toBALANCED.
- enabled Boolean
- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, trueis implied for autopilot clusters. Resource limits forcpuandmemorymust be defined to enable node auto-provisioning for GKE Standard.
- resourceLimits List<ClusterCluster Autoscaling Resource Limit> 
- Global constraints for machine resources in the
cluster. Configuring the cpuandmemorytypes is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- autoProvisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults 
- Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoProvisioning string[]Locations 
- The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
- autoscalingProfile string
- Configuration
options for the Autoscaling profile
feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability
when deciding to remove nodes from a cluster. Can be BALANCEDorOPTIMIZE_UTILIZATION. Defaults toBALANCED.
- enabled boolean
- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, trueis implied for autopilot clusters. Resource limits forcpuandmemorymust be defined to enable node auto-provisioning for GKE Standard.
- resourceLimits ClusterCluster Autoscaling Resource Limit[] 
- Global constraints for machine resources in the
cluster. Configuring the cpuandmemorytypes is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- auto_provisioning_ Clusterdefaults Cluster Autoscaling Auto Provisioning Defaults 
- Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- auto_provisioning_ Sequence[str]locations 
- The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
- autoscaling_profile str
- Configuration
options for the Autoscaling profile
feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability
when deciding to remove nodes from a cluster. Can be BALANCEDorOPTIMIZE_UTILIZATION. Defaults toBALANCED.
- enabled bool
- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, trueis implied for autopilot clusters. Resource limits forcpuandmemorymust be defined to enable node auto-provisioning for GKE Standard.
- resource_limits Sequence[ClusterCluster Autoscaling Resource Limit] 
- Global constraints for machine resources in the
cluster. Configuring the cpuandmemorytypes is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- autoProvisioning Property MapDefaults 
- Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoProvisioning List<String>Locations 
- The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.
- autoscalingProfile String
- Configuration
options for the Autoscaling profile
feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability
when deciding to remove nodes from a cluster. Can be BALANCEDorOPTIMIZE_UTILIZATION. Defaults toBALANCED.
- enabled Boolean
- Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, trueis implied for autopilot clusters. Resource limits forcpuandmemorymust be defined to enable node auto-provisioning for GKE Standard.
- resourceLimits List<Property Map>
- Global constraints for machine resources in the
cluster. Configuring the cpuandmemorytypes is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
ClusterClusterAutoscalingAutoProvisioningDefaults, ClusterClusterAutoscalingAutoProvisioningDefaultsArgs            
- BootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- DiskSize int
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
- DiskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd', 'pd-balanced', or 'hyperdisk-balanced'). Defaults to `hyperdisk-balanced` if `hyperdisk-balanced` is supported and `pd-balanced` is not supported for the machine type; otherwise defaults to `pd-balanced`.
- ImageType string
- The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
- Management
ClusterCluster Autoscaling Auto Provisioning Defaults Management 
- NodeManagement configuration for this NodePool. Structure is documented below.
- MinCpu stringPlatform 
- Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- OauthScopes List<string>
- Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- ServiceAccount string
- The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- ShieldedInstance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- UpgradeSettings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings 
- Specifies the upgrade settings for NAP created node pools
- BootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- DiskSize int
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
- DiskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd', 'pd-balanced', or 'hyperdisk-balanced'). Defaults to `hyperdisk-balanced` if `hyperdisk-balanced` is supported and `pd-balanced` is not supported for the machine type; otherwise defaults to `pd-balanced`.
- ImageType string
- The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
- Management
ClusterCluster Autoscaling Auto Provisioning Defaults Management 
- NodeManagement configuration for this NodePool. Structure is documented below.
- MinCpu stringPlatform 
- Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- OauthScopes []string
- Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- ServiceAccount string
- The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- ShieldedInstance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- UpgradeSettings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings 
- Specifies the upgrade settings for NAP created node pools
- bootDisk StringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- diskSize Integer
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
- diskType String
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd', 'pd-balanced', or 'hyperdisk-balanced'). Defaults to `hyperdisk-balanced` if `hyperdisk-balanced` is supported and `pd-balanced` is not supported for the machine type; otherwise defaults to `pd-balanced`.
- imageType String
- The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
- management
ClusterCluster Autoscaling Auto Provisioning Defaults Management 
- NodeManagement configuration for this NodePool. Structure is documented below.
- minCpu StringPlatform 
- Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauthScopes List<String>
- Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs; with the all-APIs scope, those IAM roles are what actually limit what the nodes can reach. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- serviceAccount String
- The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shieldedInstance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- upgradeSettings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings 
- Specifies the upgrade settings for NAP created node pools
- bootDiskKmsKey string
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- diskSize number
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
- diskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd', 'pd-balanced', or 'hyperdisk-balanced'). Defaults to `hyperdisk-balanced` if `hyperdisk-balanced` is supported and `pd-balanced` is not supported for the machine type; otherwise defaults to `pd-balanced`.
- imageType string
- The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
- management
ClusterCluster Autoscaling Auto Provisioning Defaults Management 
- NodeManagement configuration for this NodePool. Structure is documented below.
- minCpu stringPlatform 
- Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauthScopes string[]
- Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs; with the all-APIs scope, those IAM roles are what actually limit what the nodes can reach. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- serviceAccount string
- The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shieldedInstance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- upgradeSettings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings 
- Specifies the upgrade settings for NAP created node pools
- boot_disk_kms_key str
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- disk_size int
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
- disk_type str
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd', 'pd-balanced', or 'hyperdisk-balanced'). Defaults to `hyperdisk-balanced` if `hyperdisk-balanced` is supported and `pd-balanced` is not supported for the machine type; otherwise defaults to `pd-balanced`.
- image_type str
- The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
- management
ClusterCluster Autoscaling Auto Provisioning Defaults Management 
- NodeManagement configuration for this NodePool. Structure is documented below.
- min_cpu_ strplatform 
- Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauth_scopes Sequence[str]
- Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs; with the all-APIs scope, those IAM roles are what actually limit what the nodes can reach. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- service_account str
- The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shielded_instance_ Clusterconfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- upgrade_settings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings 
- Specifies the upgrade settings for NAP created node pools
- bootDiskKmsKey String
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- diskSize Number
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
- diskType String
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd', 'pd-balanced', or 'hyperdisk-balanced'). Defaults to `hyperdisk-balanced` if `hyperdisk-balanced` is supported and `pd-balanced` is not supported for the machine type; otherwise defaults to `pd-balanced`.
- imageType String
- The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
- management Property Map
- NodeManagement configuration for this NodePool. Structure is documented below.
- minCpu StringPlatform 
- Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauthScopes List<String>
- Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs; with the all-APIs scope, those IAM roles are what actually limit what the nodes can reach. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- serviceAccount String
- The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shieldedInstance Property MapConfig 
- Shielded Instance options. Structure is documented below.
- upgradeSettings Property Map
- Specifies the upgrade settings for NAP created node pools
ClusterClusterAutoscalingAutoProvisioningDefaultsManagement, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs              
- AutoRepair bool
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. This block also contains several computed attributes, documented below.
- AutoUpgrade bool
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- UpgradeOptions List<ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option> 
- Specifies the Auto Upgrade knobs for the node pool.
- AutoRepair bool
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. This block also contains several computed attributes, documented below.
- AutoUpgrade bool
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- UpgradeOptions []ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option 
- Specifies the Auto Upgrade knobs for the node pool.
- autoRepair Boolean
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. This block also contains several computed attributes, documented below.
- autoUpgrade Boolean
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgradeOptions List<ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option> 
- Specifies the Auto Upgrade knobs for the node pool.
- autoRepair boolean
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. This block also contains several computed attributes, documented below.
- autoUpgrade boolean
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgradeOptions ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option[] 
- Specifies the Auto Upgrade knobs for the node pool.
- auto_repair bool
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. This block also contains several computed attributes, documented below.
- auto_upgrade bool
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgrade_options Sequence[ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option] 
- Specifies the Auto Upgrade knobs for the node pool.
- autoRepair Boolean
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. This block also contains several computed attributes, documented below.
- autoUpgrade Boolean
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgradeOptions List<Property Map>
- Specifies the Auto Upgrade knobs for the node pool.
ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs                  
- AutoUpgrade stringStart Time 
- This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
- Description string
- Description of the cluster.
- AutoUpgrade stringStart Time 
- This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
- Description string
- Description of the cluster.
- autoUpgrade StringStart Time 
- This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
- description String
- Description of the cluster.
- autoUpgrade stringStart Time 
- This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
- description string
- Description of the cluster.
- auto_upgrade_ strstart_ time 
- This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
- description str
- Description of the cluster.
- autoUpgrade StringStart Time 
- This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
- description String
- Description of the cluster.
ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig, ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs                  
- EnableIntegrityMonitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- EnableSecureBoot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`, so it must be set to `true` explicitly to turn Secure Boot on.
- EnableIntegrityMonitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- EnableSecureBoot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`, so it must be set to `true` explicitly to turn Secure Boot on.
- enableIntegrityMonitoring Boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enableSecureBoot Boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`, so it must be set to `true` explicitly to turn Secure Boot on.
- enableIntegrityMonitoring boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enableSecureBoot boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`, so it must be set to `true` explicitly to turn Secure Boot on.
- enable_integrity_monitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enable_secure_boot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`, so it must be set to `true` explicitly to turn Secure Boot on.
- enableIntegrityMonitoring Boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enableSecureBoot Boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`, so it must be set to `true` explicitly to turn Secure Boot on.
ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs                
- BlueGreen ClusterSettings Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings 
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- MaxSurge int
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- MaxUnavailable int
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- Strategy string
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- BlueGreen ClusterSettings Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings 
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- MaxSurge int
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- MaxUnavailable int
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- Strategy string
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreen ClusterSettings Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings 
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge Integer
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable Integer
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy String
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreen ClusterSettings Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings 
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge number
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable number
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy string
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blue_green_ Clustersettings Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings 
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- max_surge int
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- max_unavailable int
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy str
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreen Property MapSettings 
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge Number
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable Number
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy String
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs                      
- NodePool stringSoak Duration 
- Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- StandardRollout ClusterPolicy Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings Standard Rollout Policy 
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- NodePool stringSoak Duration 
- Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- StandardRollout ClusterPolicy Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings Standard Rollout Policy 
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePool StringSoak Duration 
- Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRollout ClusterPolicy Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings Standard Rollout Policy 
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePool stringSoak Duration 
- Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRollout ClusterPolicy Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings Standard Rollout Policy 
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- node_pool_ strsoak_ duration 
- Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standard_rollout_ Clusterpolicy Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings Standard Rollout Policy 
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePool StringSoak Duration 
- Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRollout Property MapPolicy 
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs                            
- BatchNodeCount int
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- BatchPercentage double
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- BatchSoakDuration string
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- BatchNodeCount int
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- BatchPercentage float64
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- BatchSoakDuration string
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount Integer
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batchPercentage Double
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batchSoakDuration String
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount number
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batchPercentage number
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batchSoakDuration string
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batch_node_count int
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batch_percentage float
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batch_soak_duration str
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount Number
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batchPercentage Number
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batchSoakDuration String
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
ClusterClusterAutoscalingResourceLimit, ClusterClusterAutoscalingResourceLimitArgs          
- Maximum int
- Maximum amount of the resource in the cluster.
- ResourceType string
- The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- Minimum int
- Minimum amount of the resource in the cluster.
- Maximum int
- Maximum amount of the resource in the cluster.
- ResourceType string
- The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- Minimum int
- Minimum amount of the resource in the cluster.
- maximum Integer
- Maximum amount of the resource in the cluster.
- resourceType String
- The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- minimum Integer
- Minimum amount of the resource in the cluster.
- maximum number
- Maximum amount of the resource in the cluster.
- resourceType string
- The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- minimum number
- Minimum amount of the resource in the cluster.
- maximum int
- Maximum amount of the resource in the cluster.
- resource_type str
- The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- minimum int
- Minimum amount of the resource in the cluster.
- maximum Number
- Maximum amount of the resource in the cluster.
- resourceType String
- The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- minimum Number
- Minimum amount of the resource in the cluster.
ClusterClusterTelemetry, ClusterClusterTelemetryArgs      
- Type string
- Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- Type string
- Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type String
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type string
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type str
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type String
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
ClusterConfidentialNodes, ClusterConfidentialNodesArgs      
- Enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- Enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled Boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled Boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
ClusterControlPlaneEndpointsConfig, ClusterControlPlaneEndpointsConfigArgs          
- DnsEndpointConfig ClusterControlPlaneEndpointsConfigDnsEndpointConfig
- DNS endpoint configuration.
- DnsEndpointConfig ClusterControlPlaneEndpointsConfigDnsEndpointConfig
- DNS endpoint configuration.
- dnsEndpointConfig ClusterControlPlaneEndpointsConfigDnsEndpointConfig
- DNS endpoint configuration.
- dnsEndpointConfig ClusterControlPlaneEndpointsConfigDnsEndpointConfig
- DNS endpoint configuration.
- dns_endpoint_config ClusterControlPlaneEndpointsConfigDnsEndpointConfig
- DNS endpoint configuration.
- dnsEndpointConfig Property Map
- DNS endpoint configuration.
ClusterControlPlaneEndpointsConfigDnsEndpointConfig, ClusterControlPlaneEndpointsConfigDnsEndpointConfigArgs                
- AllowExternalTraffic bool
- Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
- Endpoint string
- The cluster's DNS endpoint.
- AllowExternalTraffic bool
- Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
- Endpoint string
- The cluster's DNS endpoint.
- allowExternalTraffic Boolean
- Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
- endpoint String
- The cluster's DNS endpoint.
- allowExternalTraffic boolean
- Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
- endpoint string
- The cluster's DNS endpoint.
- allow_external_traffic bool
- Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
- endpoint str
- The cluster's DNS endpoint.
- allowExternalTraffic Boolean
- Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.
- endpoint String
- The cluster's DNS endpoint.
ClusterCostManagementConfig, ClusterCostManagementConfigArgs        
- Enabled bool
- Whether to enable the cost allocation feature.
- Enabled bool
- Whether to enable the cost allocation feature.
- enabled Boolean
- Whether to enable the cost allocation feature.
- enabled boolean
- Whether to enable the cost allocation feature.
- enabled bool
- Whether to enable the cost allocation feature.
- enabled Boolean
- Whether to enable the cost allocation feature.
ClusterDatabaseEncryption, ClusterDatabaseEncryptionArgs      
- State string
- ENCRYPTED or DECRYPTED.
- KeyName string
- The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
- State string
- ENCRYPTED or DECRYPTED.
- KeyName string
- The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
- state String
- ENCRYPTED or DECRYPTED.
- keyName String
- The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
- state string
- ENCRYPTED or DECRYPTED.
- keyName string
- The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
- state str
- ENCRYPTED or DECRYPTED.
- key_name str
- The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
- state String
- ENCRYPTED or DECRYPTED.
- keyName String
- The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
ClusterDefaultSnatStatus, ClusterDefaultSnatStatusArgs        
- Disabled bool
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
- Disabled bool
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
- disabled Boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
- disabled boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
- disabled bool
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
- disabled Boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
ClusterDnsConfig, ClusterDnsConfigArgs      
- AdditiveVpcScopeDnsDomain string
- This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work, cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
- ClusterDns string
- Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
- ClusterDnsDomain string
- The suffix used for all cluster service records.
- ClusterDnsScope string
- The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
- AdditiveVpcScopeDnsDomain string
- This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work, cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
- ClusterDns string
- Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
- ClusterDnsDomain string
- The suffix used for all cluster service records.
- ClusterDnsScope string
- The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
- additiveVpcScopeDnsDomain String
- This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work, cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
- clusterDns String
- Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
- clusterDnsDomain String
- The suffix used for all cluster service records.
- clusterDnsScope String
- The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
- additiveVpcScopeDnsDomain string
- This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work, cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
- clusterDns string
- Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
- clusterDnsDomain string
- The suffix used for all cluster service records.
- clusterDnsScope string
- The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
- additive_vpc_scope_dns_domain str
- This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work, cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
- cluster_dns str
- Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
- cluster_dns_domain str
- The suffix used for all cluster service records.
- cluster_dns_scope str
- The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
- additiveVpcScopeDnsDomain String
- This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work, cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.
- clusterDns String
- Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
- clusterDnsDomain String
- The suffix used for all cluster service records.
- clusterDnsScope String
- The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
ClusterEnableK8sBetaApis, ClusterEnableK8sBetaApisArgs          
- EnabledApis List<string>
- Enabled Kubernetes Beta APIs.
- EnabledApis []string
- Enabled Kubernetes Beta APIs.
- enabledApis List<String>
- Enabled Kubernetes Beta APIs.
- enabledApis string[]
- Enabled Kubernetes Beta APIs.
- enabled_apis Sequence[str]
- Enabled Kubernetes Beta APIs.
- enabledApis List<String>
- Enabled Kubernetes Beta APIs.
ClusterEnterpriseConfig, ClusterEnterpriseConfigArgs      
- ClusterTier string
- The effective tier of the cluster.
- DesiredTier string
- Sets the tier of the cluster. Available options include STANDARDandENTERPRISE.
- ClusterTier string
- The effective tier of the cluster.
- DesiredTier string
- Sets the tier of the cluster. Available options include STANDARDandENTERPRISE.
- clusterTier String
- The effective tier of the cluster.
- desiredTier String
- Sets the tier of the cluster. Available options include STANDARDandENTERPRISE.
- clusterTier string
- The effective tier of the cluster.
- desiredTier string
- Sets the tier of the cluster. Available options include STANDARDandENTERPRISE.
- cluster_tier str
- The effective tier of the cluster.
- desired_tier str
- Sets the tier of the cluster. Available options include STANDARDandENTERPRISE.
- clusterTier String
- The effective tier of the cluster.
- desiredTier String
- Sets the tier of the cluster. Available options include STANDARDandENTERPRISE.
ClusterFleet, ClusterFleetArgs    
- Membership string
- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
- MembershipId string
- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_idunder google_gkehub_feature_membership.
- MembershipLocation string
- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_locationunder google_gkehub_feature_membership.
- PreRegistered bool
- Whether the cluster has been registered via the fleet API.
- Project string
- The name of the Fleet host project where this cluster will be registered.
- Membership string
- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
- MembershipId string
- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_idunder google_gkehub_feature_membership.
- MembershipLocation string
- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_locationunder google_gkehub_feature_membership.
- PreRegistered bool
- Whether the cluster has been registered via the fleet API.
- Project string
- The name of the Fleet host project where this cluster will be registered.
- membership String
- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
- membershipId String
- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_idunder google_gkehub_feature_membership.
- membershipLocation String
- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_locationunder google_gkehub_feature_membership.
- preRegistered Boolean
- Whether the cluster has been registered via the fleet API.
- project String
- The name of the Fleet host project where this cluster will be registered.
- membership string
- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
- membershipId string
- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_idunder google_gkehub_feature_membership.
- membershipLocation string
- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_locationunder google_gkehub_feature_membership.
- preRegistered boolean
- Whether the cluster has been registered via the fleet API.
- project string
- The name of the Fleet host project where this cluster will be registered.
- membership str
- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
- membership_id str
- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_idunder google_gkehub_feature_membership.
- membership_location str
- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_locationunder google_gkehub_feature_membership.
- pre_registered bool
- Whether the cluster has been registered via the fleet API.
- project str
- The name of the Fleet host project where this cluster will be registered.
- membership String
- The resource name of the fleet Membership resource associated to this cluster with format //gkehub.googleapis.com/projects/{{project}}/locations/{{location}}/memberships/{{name}}. See the official doc for fleet management.
- membershipId String
- The short name of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_idunder google_gkehub_feature_membership.
- membershipLocation String
- The location of the fleet membership, extracted from fleet.0.membership. You can use this field to configuremembership_locationunder google_gkehub_feature_membership.
- preRegistered Boolean
- Whether the cluster has been registered via the fleet API.
- project String
- The name of the Fleet host project where this cluster will be registered.
ClusterGatewayApiConfig, ClusterGatewayApiConfigArgs        
- Channel string
- Which Gateway Api channel should be used. CHANNEL_DISABLED,CHANNEL_EXPERIMENTALorCHANNEL_STANDARD.
- Channel string
- Which Gateway Api channel should be used. CHANNEL_DISABLED,CHANNEL_EXPERIMENTALorCHANNEL_STANDARD.
- channel String
- Which Gateway Api channel should be used. CHANNEL_DISABLED,CHANNEL_EXPERIMENTALorCHANNEL_STANDARD.
- channel string
- Which Gateway Api channel should be used. CHANNEL_DISABLED,CHANNEL_EXPERIMENTALorCHANNEL_STANDARD.
- channel str
- Which Gateway Api channel should be used. CHANNEL_DISABLED,CHANNEL_EXPERIMENTALorCHANNEL_STANDARD.
- channel String
- Which Gateway Api channel should be used. CHANNEL_DISABLED,CHANNEL_EXPERIMENTALorCHANNEL_STANDARD.
ClusterIdentityServiceConfig, ClusterIdentityServiceConfigArgs        
- Enabled bool
- Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
- Enabled bool
- Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
- enabled Boolean
- Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
- enabled boolean
- Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
- enabled bool
- Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
- enabled Boolean
- Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
ClusterIpAllocationPolicy, ClusterIpAllocationPolicyArgs        
- AdditionalPod ClusterRanges Config Ip Allocation Policy Additional Pod Ranges Config 
- The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- ClusterIpv4Cidr stringBlock 
- The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ClusterSecondary stringRange Name 
- The name of the existing secondary
range in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- PodCidr ClusterOverprovision Config Ip Allocation Policy Pod Cidr Overprovision Config 
- Configuration for cluster level pod cidr overprovision. Default is disabled=false.
- ServicesIpv4Cidr stringBlock 
- The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ServicesSecondary stringRange Name 
- The name of the existing
secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively,services_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- StackType string
- The IP Stack Type of the cluster.
Default value is IPV4. Possible values areIPV4andIPV4_IPV6.
- AdditionalPod ClusterRanges Config Ip Allocation Policy Additional Pod Ranges Config 
- The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- ClusterIpv4Cidr stringBlock 
- The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ClusterSecondary stringRange Name 
- The name of the existing secondary
range in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- PodCidr ClusterOverprovision Config Ip Allocation Policy Pod Cidr Overprovision Config 
- Configuration for cluster level pod cidr overprovision. Default is disabled=false.
- ServicesIpv4Cidr stringBlock 
- The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ServicesSecondary stringRange Name 
- The name of the existing
secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively,services_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- StackType string
- The IP Stack Type of the cluster.
Default value is IPV4. Possible values areIPV4andIPV4_IPV6.
- additionalPod ClusterRanges Config Ip Allocation Policy Additional Pod Ranges Config 
- The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- clusterIpv4Cidr StringBlock 
- The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- clusterSecondary StringRange Name 
- The name of the existing secondary
range in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- podCidr ClusterOverprovision Config Ip Allocation Policy Pod Cidr Overprovision Config 
- Configuration for cluster level pod cidr overprovision. Default is disabled=false.
- servicesIpv4Cidr StringBlock 
- The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- servicesSecondary StringRange Name 
- The name of the existing
secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively,services_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- stackType String
- The IP Stack Type of the cluster.
Default value is IPV4. Possible values areIPV4andIPV4_IPV6.
- additionalPod ClusterRanges Config Ip Allocation Policy Additional Pod Ranges Config 
- The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- clusterIpv4Cidr stringBlock 
- The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- clusterSecondary stringRange Name 
- The name of the existing secondary
range in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- podCidr ClusterOverprovision Config Ip Allocation Policy Pod Cidr Overprovision Config 
- Configuration for cluster level pod cidr overprovision. Default is disabled=false.
- servicesIpv4Cidr stringBlock 
- The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- servicesSecondary stringRange Name 
- The name of the existing
secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively,services_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- stackType string
- The IP Stack Type of the cluster.
Default value is IPV4. Possible values areIPV4andIPV4_IPV6.
- additional_pod_ Clusterranges_ config Ip Allocation Policy Additional Pod Ranges Config 
- The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- cluster_ipv4_ strcidr_ block 
- The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- cluster_secondary_ strrange_ name 
- The name of the existing secondary
range in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- pod_cidr_ Clusteroverprovision_ config Ip Allocation Policy Pod Cidr Overprovision Config 
- Configuration for cluster level pod cidr overprovision. Default is disabled=false.
- services_ipv4_ strcidr_ block 
- The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- services_secondary_ strrange_ name 
- The name of the existing
secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively,services_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- stack_type str
- The IP Stack Type of the cluster.
Default value is IPV4. Possible values areIPV4andIPV4_IPV6.
- additionalPod Property MapRanges Config 
- The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- clusterIpv4Cidr StringBlock 
- The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- clusterSecondary StringRange Name 
- The name of the existing secondary
range in the cluster's subnetwork to use for pod IP addresses. Alternatively,
cluster_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- podCidr Property MapOverprovision Config 
- Configuration for cluster level pod cidr overprovision. Default is disabled=false.
- servicesIpv4Cidr StringBlock 
- The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- servicesSecondary StringRange Name 
- The name of the existing
secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively,services_ipv4_cidr_blockcan be used to automatically create a GKE-managed one.
- stackType String
- The IP Stack Type of the cluster.
Default value is IPV4. Possible values areIPV4andIPV4_IPV6.
ClusterIpAllocationPolicyAdditionalPodRangesConfig, ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs                
- PodRange List<string>Names 
- The names of the Pod ranges to add to the cluster.
- PodRange []stringNames 
- The names of the Pod ranges to add to the cluster.
- podRange List<String>Names 
- The names of the Pod ranges to add to the cluster.
- podRange string[]Names 
- The names of the Pod ranges to add to the cluster.
- pod_range_ Sequence[str]names 
- The names of the Pod ranges to add to the cluster.
- podRange List<String>Names 
- The names of the Pod ranges to add to the cluster.
ClusterIpAllocationPolicyPodCidrOverprovisionConfig, ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs                
- Disabled bool
- Whether Pod CIDR overprovisioning is disabled for the cluster.
- Disabled bool
- Whether Pod CIDR overprovisioning is disabled for the cluster.
- disabled Boolean
- Whether Pod CIDR overprovisioning is disabled for the cluster.
- disabled boolean
- Whether Pod CIDR overprovisioning is disabled for the cluster.
- disabled bool
- Whether Pod CIDR overprovisioning is disabled for the cluster.
- disabled Boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
ClusterLoggingConfig, ClusterLoggingConfigArgs      
- EnableComponents List<string>
- The GKE components exposing logs. Supported values include:
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
- EnableComponents []string
- The GKE components exposing logs. Supported values include:
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
- enableComponents List<String>
- The GKE components exposing logs. Supported values include:
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
- enableComponents string[]
- The GKE components exposing logs. Supported values include:
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
- enable_components Sequence[str]
- The GKE components exposing logs. Supported values include:
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
- enableComponents List<String>
- The GKE components exposing logs. Supported values include:
SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
ClusterMaintenancePolicy, ClusterMaintenancePolicyArgs      
- DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow
- Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example: maintenance_policy { daily_maintenance_window { start_time = "03:00" } }
- MaintenanceExclusions List<ClusterMaintenance Policy Maintenance Exclusion> 
- Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
- RecurringWindow ClusterMaintenance Policy Recurring Window 
- Time window for recurring maintenance operations. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-08-01T02:00:00Z" end_time = "2019-08-01T06:00:00Z" recurrence = "FREQ=DAILY" } } and maintenance_policy { recurring_window { start_time = "2019-01-01T09:00:00Z" end_time = "2019-01-01T17:00:00Z" recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR" } }
- DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow
- Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example: maintenance_policy { daily_maintenance_window { start_time = "03:00" } }
- MaintenanceExclusions []ClusterMaintenance Policy Maintenance Exclusion 
- Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
- RecurringWindow ClusterMaintenance Policy Recurring Window 
- Time window for recurring maintenance operations. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-08-01T02:00:00Z" end_time = "2019-08-01T06:00:00Z" recurrence = "FREQ=DAILY" } } and maintenance_policy { recurring_window { start_time = "2019-01-01T09:00:00Z" end_time = "2019-01-01T17:00:00Z" recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR" } }
- dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow
- Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example: maintenance_policy { daily_maintenance_window { start_time = "03:00" } }
- maintenanceExclusions List<ClusterMaintenance Policy Maintenance Exclusion> 
- Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
- recurringWindow ClusterMaintenance Policy Recurring Window 
- Time window for recurring maintenance operations. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-08-01T02:00:00Z" end_time = "2019-08-01T06:00:00Z" recurrence = "FREQ=DAILY" } } and maintenance_policy { recurring_window { start_time = "2019-01-01T09:00:00Z" end_time = "2019-01-01T17:00:00Z" recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR" } }
- dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow
- Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example: maintenance_policy { daily_maintenance_window { start_time = "03:00" } }
- maintenanceExclusions ClusterMaintenance Policy Maintenance Exclusion[] 
- Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
- recurringWindow ClusterMaintenance Policy Recurring Window 
- Time window for recurring maintenance operations. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-08-01T02:00:00Z" end_time = "2019-08-01T06:00:00Z" recurrence = "FREQ=DAILY" } } and maintenance_policy { recurring_window { start_time = "2019-01-01T09:00:00Z" end_time = "2019-01-01T17:00:00Z" recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR" } }
- daily_maintenance_window ClusterMaintenancePolicyDailyMaintenanceWindow
- Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example: maintenance_policy { daily_maintenance_window { start_time = "03:00" } }
- maintenance_exclusions Sequence[ClusterMaintenance Policy Maintenance Exclusion] 
- Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
- recurring_window ClusterMaintenance Policy Recurring Window 
- Time window for recurring maintenance operations. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-08-01T02:00:00Z" end_time = "2019-08-01T06:00:00Z" recurrence = "FREQ=DAILY" } } and maintenance_policy { recurring_window { start_time = "2019-01-01T09:00:00Z" end_time = "2019-01-01T17:00:00Z" recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR" } }
- dailyMaintenanceWindow Property Map
- Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example: maintenance_policy { daily_maintenance_window { start_time = "03:00" } }
- maintenanceExclusions List<Property Map>
- Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
- recurringWindow Property Map
- Time window for recurring maintenance operations. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-08-01T02:00:00Z" end_time = "2019-08-01T06:00:00Z" recurrence = "FREQ=DAILY" } } and maintenance_policy { recurring_window { start_time = "2019-01-01T09:00:00Z" end_time = "2019-01-01T17:00:00Z" recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR" } }
ClusterMaintenancePolicyDailyMaintenanceWindow, ClusterMaintenancePolicyDailyMaintenanceWindowArgs            
- start_time str
- duration str
- Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC3339 format "PTnHnMnS".
ClusterMaintenancePolicyMaintenanceExclusion, ClusterMaintenancePolicyMaintenanceExclusionArgs          
- EndTime string
- ExclusionName string
- StartTime string
- ExclusionOptions ClusterMaintenance Policy Maintenance Exclusion Exclusion Options 
- MaintenanceExclusionOptions provides maintenance exclusion related options.
- EndTime string
- ExclusionName string
- StartTime string
- ExclusionOptions ClusterMaintenance Policy Maintenance Exclusion Exclusion Options 
- MaintenanceExclusionOptions provides maintenance exclusion related options.
- endTime String
- exclusionName String
- startTime String
- exclusionOptions ClusterMaintenance Policy Maintenance Exclusion Exclusion Options 
- MaintenanceExclusionOptions provides maintenance exclusion related options.
- endTime string
- exclusionName string
- startTime string
- exclusionOptions ClusterMaintenance Policy Maintenance Exclusion Exclusion Options 
- MaintenanceExclusionOptions provides maintenance exclusion related options.
- end_time str
- exclusion_name str
- start_time str
- exclusion_options ClusterMaintenance Policy Maintenance Exclusion Exclusion Options 
- MaintenanceExclusionOptions provides maintenance exclusion related options.
- endTime String
- exclusionName String
- startTime String
- exclusionOptions Property Map
- MaintenanceExclusionOptions provides maintenance exclusion related options.
ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions, ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs              
- Scope string
- The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" recurrence = "FREQ=DAILY" } maintenance_exclusion { exclusion_name = "batch job" start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" exclusion_options { scope = "NO_UPGRADES" } } maintenance_exclusion { exclusion_name = "holiday data load" start_time = "2019-05-01T00:00:00Z" end_time = "2019-05-02T00:00:00Z" exclusion_options { scope = "NO_MINOR_UPGRADES" } } }
- Scope string
- The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" recurrence = "FREQ=DAILY" } maintenance_exclusion { exclusion_name = "batch job" start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" exclusion_options { scope = "NO_UPGRADES" } } maintenance_exclusion { exclusion_name = "holiday data load" start_time = "2019-05-01T00:00:00Z" end_time = "2019-05-02T00:00:00Z" exclusion_options { scope = "NO_MINOR_UPGRADES" } } }
- scope String
- The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" recurrence = "FREQ=DAILY" } maintenance_exclusion { exclusion_name = "batch job" start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" exclusion_options { scope = "NO_UPGRADES" } } maintenance_exclusion { exclusion_name = "holiday data load" start_time = "2019-05-01T00:00:00Z" end_time = "2019-05-02T00:00:00Z" exclusion_options { scope = "NO_MINOR_UPGRADES" } } }
- scope string
- The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" recurrence = "FREQ=DAILY" } maintenance_exclusion { exclusion_name = "batch job" start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" exclusion_options { scope = "NO_UPGRADES" } } maintenance_exclusion { exclusion_name = "holiday data load" start_time = "2019-05-01T00:00:00Z" end_time = "2019-05-02T00:00:00Z" exclusion_options { scope = "NO_MINOR_UPGRADES" } } }
- scope str
- The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" recurrence = "FREQ=DAILY" } maintenance_exclusion { exclusion_name = "batch job" start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" exclusion_options { scope = "NO_UPGRADES" } } maintenance_exclusion { exclusion_name = "holiday data load" start_time = "2019-05-01T00:00:00Z" end_time = "2019-05-02T00:00:00Z" exclusion_options { scope = "NO_MINOR_UPGRADES" } } }
- scope String
- The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES. Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff. Examples: maintenance_policy { recurring_window { start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" recurrence = "FREQ=DAILY" } maintenance_exclusion { exclusion_name = "batch job" start_time = "2019-01-01T00:00:00Z" end_time = "2019-01-02T00:00:00Z" exclusion_options { scope = "NO_UPGRADES" } } maintenance_exclusion { exclusion_name = "holiday data load" start_time = "2019-05-01T00:00:00Z" end_time = "2019-05-02T00:00:00Z" exclusion_options { scope = "NO_MINOR_UPGRADES" } } }
ClusterMaintenancePolicyRecurringWindow, ClusterMaintenancePolicyRecurringWindowArgs          
- EndTime string
- Recurrence string
- StartTime string
- EndTime string
- Recurrence string
- StartTime string
- endTime String
- recurrence String
- startTime String
- endTime string
- recurrence string
- startTime string
- end_time str
- recurrence str
- start_time str
- endTime String
- recurrence String
- startTime String
ClusterMasterAuth, ClusterMasterAuthArgs      
- ClientCertificateConfig ClusterMasterAuthClientCertificateConfig
- Whether client certificate authorization is enabled for this cluster. For example: master_auth { client_certificate_config { issue_client_certificate = false } }
- ClientCertificate string
- Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
- ClientKey string
- Base64 encoded private key used by clients to authenticate to the cluster endpoint. This is a credential: as noted at the top of this page, all attributes, including certificate outputs, are stored in the raw state as plaintext.
- ClusterCaCertificate string
- Base64 encoded public certificate that is the root certificate of the cluster.
- ClientCertificateConfig ClusterMasterAuthClientCertificateConfig
- Whether client certificate authorization is enabled for this cluster. For example: master_auth { client_certificate_config { issue_client_certificate = false } }
- ClientCertificate string
- Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
- ClientKey string
- Base64 encoded private key used by clients to authenticate to the cluster endpoint. This is a credential: as noted at the top of this page, all attributes, including certificate outputs, are stored in the raw state as plaintext.
- ClusterCaCertificate string
- Base64 encoded public certificate that is the root certificate of the cluster.
- clientCertificateConfig ClusterMasterAuthClientCertificateConfig
- Whether client certificate authorization is enabled for this cluster. For example: master_auth { client_certificate_config { issue_client_certificate = false } }
- clientCertificate String
- Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
- clientKey String
- Base64 encoded private key used by clients to authenticate to the cluster endpoint. This is a credential: as noted at the top of this page, all attributes, including certificate outputs, are stored in the raw state as plaintext.
- clusterCaCertificate String
- Base64 encoded public certificate that is the root certificate of the cluster.
- clientCertificateConfig ClusterMasterAuthClientCertificateConfig
- Whether client certificate authorization is enabled for this cluster. For example: master_auth { client_certificate_config { issue_client_certificate = false } }
- clientCertificate string
- Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
- clientKey string
- Base64 encoded private key used by clients to authenticate to the cluster endpoint. This is a credential: as noted at the top of this page, all attributes, including certificate outputs, are stored in the raw state as plaintext.
- clusterCaCertificate string
- Base64 encoded public certificate that is the root certificate of the cluster.
- client_certificate_config ClusterMasterAuthClientCertificateConfig
- Whether client certificate authorization is enabled for this cluster. For example: master_auth { client_certificate_config { issue_client_certificate = false } }
- client_certificate str
- Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
- client_key str
- Base64 encoded private key used by clients to authenticate to the cluster endpoint. This is a credential: as noted at the top of this page, all attributes, including certificate outputs, are stored in the raw state as plaintext.
- cluster_ca_certificate str
- Base64 encoded public certificate that is the root certificate of the cluster.
- clientCertificateConfig Property Map
- Whether client certificate authorization is enabled for this cluster. For example: master_auth { client_certificate_config { issue_client_certificate = false } }
- clientCertificate String
- Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
- clientKey String
- Base64 encoded private key used by clients to authenticate to the cluster endpoint. This is a credential: as noted at the top of this page, all attributes, including certificate outputs, are stored in the raw state as plaintext.
- clusterCaCertificate String
- Base64 encoded public certificate that is the root certificate of the cluster.
ClusterMasterAuthClientCertificateConfig, ClusterMasterAuthClientCertificateConfigArgs            
- IssueClientCertificate bool
- Whether client certificate authorization is enabled for this cluster.
- IssueClientCertificate bool
- Whether client certificate authorization is enabled for this cluster.
- issueClientCertificate Boolean
- Whether client certificate authorization is enabled for this cluster.
- issueClientCertificate boolean
- Whether client certificate authorization is enabled for this cluster.
- issue_client_certificate bool
- Whether client certificate authorization is enabled for this cluster.
- issueClientCertificate Boolean
- Whether client certificate authorization is enabled for this cluster.
ClusterMasterAuthorizedNetworksConfig, ClusterMasterAuthorizedNetworksConfigArgs          
- CidrBlocks List<ClusterMasterAuthorizedNetworksConfigCidrBlock>
- External networks that can access the Kubernetes cluster master through HTTPS.
- GcpPublicCidrsAccessEnabled bool
- Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
- PrivateEndpointEnforcementEnabled bool
- Whether authorized networks is enforced on the private endpoint or not.
- CidrBlocks []ClusterMasterAuthorizedNetworksConfigCidrBlock
- External networks that can access the Kubernetes cluster master through HTTPS.
- GcpPublicCidrsAccessEnabled bool
- Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
- PrivateEndpointEnforcementEnabled bool
- Whether authorized networks is enforced on the private endpoint or not.
- cidrBlocks List<ClusterMasterAuthorizedNetworksConfigCidrBlock>
- External networks that can access the Kubernetes cluster master through HTTPS.
- gcpPublicCidrsAccessEnabled Boolean
- Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
- privateEndpointEnforcementEnabled Boolean
- Whether authorized networks is enforced on the private endpoint or not.
- cidrBlocks ClusterMasterAuthorizedNetworksConfigCidrBlock[]
- External networks that can access the Kubernetes cluster master through HTTPS.
- gcpPublicCidrsAccessEnabled boolean
- Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
- privateEndpointEnforcementEnabled boolean
- Whether authorized networks is enforced on the private endpoint or not.
- cidr_blocks Sequence[ClusterMasterAuthorizedNetworksConfigCidrBlock]
- External networks that can access the Kubernetes cluster master through HTTPS.
- gcp_public_cidrs_access_enabled bool
- Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
- private_endpoint_enforcement_enabled bool
- Whether authorized networks is enforced on the private endpoint or not.
- cidrBlocks List<Property Map>
- External networks that can access the Kubernetes cluster master through HTTPS.
- gcpPublicCidrsAccessEnabled Boolean
- Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
- privateEndpointEnforcementEnabled Boolean
- Whether authorized networks is enforced on the private endpoint or not.
ClusterMasterAuthorizedNetworksConfigCidrBlock, ClusterMasterAuthorizedNetworksConfigCidrBlockArgs              
- CidrBlock string
- External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
- DisplayName string
- Field for users to identify CIDR blocks.
- CidrBlock string
- External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
- DisplayName string
- Field for users to identify CIDR blocks.
- cidrBlock String
- External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
- displayName String
- Field for users to identify CIDR blocks.
- cidrBlock string
- External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
- displayName string
- Field for users to identify CIDR blocks.
- cidr_block str
- External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
- display_name str
- Field for users to identify CIDR blocks.
- cidrBlock String
- External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
- displayName String
- Field for users to identify CIDR blocks.
ClusterMeshCertificates, ClusterMeshCertificatesArgs      
- EnableCertificates bool
- Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
- EnableCertificates bool
- Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
- enableCertificates Boolean
- Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
- enableCertificates boolean
- Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
- enable_certificates bool
- Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
- enableCertificates Boolean
- Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
ClusterMonitoringConfig, ClusterMonitoringConfigArgs      
- AdvancedDatapath ClusterObservability Config Monitoring Config Advanced Datapath Observability Config 
- Configuration for Advanced Datapath Monitoring. Structure is documented below.
- EnableComponents List<string>
- The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
- ManagedPrometheus ClusterMonitoring Config Managed Prometheus 
- Configuration for Managed Service for Prometheus. Structure is documented below.
- AdvancedDatapath ClusterObservability Config Monitoring Config Advanced Datapath Observability Config 
- Configuration for Advanced Datapath Monitoring. Structure is documented below.
- EnableComponents []string
- The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
- ManagedPrometheus ClusterMonitoring Config Managed Prometheus 
- Configuration for Managed Service for Prometheus. Structure is documented below.
- advancedDatapath ClusterObservability Config Monitoring Config Advanced Datapath Observability Config 
- Configuration for Advanced Datapath Monitoring. Structure is documented below.
- enableComponents List<String>
- The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
- managedPrometheus ClusterMonitoring Config Managed Prometheus 
- Configuration for Managed Service for Prometheus. Structure is documented below.
- advancedDatapath ClusterObservability Config Monitoring Config Advanced Datapath Observability Config 
- Configuration for Advanced Datapath Monitoring. Structure is documented below.
- enableComponents string[]
- The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
- managedPrometheus ClusterMonitoring Config Managed Prometheus 
- Configuration for Managed Service for Prometheus. Structure is documented below.
- advanced_datapath_ Clusterobservability_ config Monitoring Config Advanced Datapath Observability Config 
- Configuration for Advanced Datapath Monitoring. Structure is documented below.
- enable_components Sequence[str]
- The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
- managed_prometheus ClusterMonitoring Config Managed Prometheus 
- Configuration for Managed Service for Prometheus. Structure is documented below.
- advancedDatapath Property MapObservability Config 
- Configuration for Advanced Datapath Monitoring. Structure is documented below.
- enableComponents List<String>
- The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above.
- managedPrometheus Property Map
- Configuration for Managed Service for Prometheus. Structure is documented below.
ClusterMonitoringConfigAdvancedDatapathObservabilityConfig, ClusterMonitoringConfigAdvancedDatapathObservabilityConfigArgs              
- EnableMetrics bool
- Whether or not to enable advanced datapath metrics.
- EnableRelay bool
- Whether or not Relay is enabled.
- EnableMetrics bool
- Whether or not to enable advanced datapath metrics.
- EnableRelay bool
- Whether or not Relay is enabled.
- enableMetrics Boolean
- Whether or not to enable advanced datapath metrics.
- enableRelay Boolean
- Whether or not Relay is enabled.
- enableMetrics boolean
- Whether or not to enable advanced datapath metrics.
- enableRelay boolean
- Whether or not Relay is enabled.
- enable_metrics bool
- Whether or not to enable advanced datapath metrics.
- enable_relay bool
- Whether or not Relay is enabled.
- enableMetrics Boolean
- Whether or not to enable advanced datapath metrics.
- enableRelay Boolean
- Whether or not Relay is enabled.
ClusterMonitoringConfigManagedPrometheus, ClusterMonitoringConfigManagedPrometheusArgs          
- Enabled bool
- Whether or not the managed collection is enabled.
- AutoMonitoring ClusterConfig Monitoring Config Managed Prometheus Auto Monitoring Config 
- Configuration options for GKE Auto-Monitoring.
- Enabled bool
- Whether or not the managed collection is enabled.
- AutoMonitoring ClusterConfig Monitoring Config Managed Prometheus Auto Monitoring Config 
- Configuration options for GKE Auto-Monitoring.
- enabled Boolean
- Whether or not the managed collection is enabled.
- autoMonitoring ClusterConfig Monitoring Config Managed Prometheus Auto Monitoring Config 
- Configuration options for GKE Auto-Monitoring.
- enabled boolean
- Whether or not the managed collection is enabled.
- autoMonitoring ClusterConfig Monitoring Config Managed Prometheus Auto Monitoring Config 
- Configuration options for GKE Auto-Monitoring.
- enabled bool
- Whether or not the managed collection is enabled.
- auto_monitoring_ Clusterconfig Monitoring Config Managed Prometheus Auto Monitoring Config 
- Configuration options for GKE Auto-Monitoring.
- enabled Boolean
- Whether or not the managed collection is enabled.
- autoMonitoring Property MapConfig 
- Configuration options for GKE Auto-Monitoring.
ClusterMonitoringConfigManagedPrometheusAutoMonitoringConfig, ClusterMonitoringConfigManagedPrometheusAutoMonitoringConfigArgs                
- Scope string
- Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL,NONE.
- Scope string
- Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL,NONE.
- scope String
- Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL,NONE.
- scope string
- Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL,NONE.
- scope str
- Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL,NONE.
- scope String
- Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL,NONE.
ClusterNetworkPolicy, ClusterNetworkPolicyArgs      
ClusterNodeConfig, ClusterNodeConfigArgs      
- AdvancedMachine ClusterFeatures Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- BootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- ConfidentialNodes ClusterNode Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ContainerdConfig ClusterNode Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- DiskSize intGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- DiskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- EffectiveTaints List<ClusterNode Config Effective Taint> 
- List of kubernetes taints applied to each node. Structure is documented above.
- EnableConfidential boolStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- EphemeralStorage ClusterConfig Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- EphemeralStorage ClusterLocal Ssd Config Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- FastSocket ClusterNode Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- GcfsConfig ClusterNode Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- GuestAccelerators List<ClusterNode Config Guest Accelerator> 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- Gvnic
ClusterNode Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later Structure is documented below.
- HostMaintenance ClusterPolicy Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run on.
- ImageType string
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- KubeletConfig ClusterNode Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below. kubelet_config { cpu_manager_policy = "static" cpu_cfs_quota = true cpu_cfs_quota_period = "100us" pod_pids_limit = 1024 }
- Labels Dictionary<string, string>
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- LinuxNode ClusterConfig Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- LocalNvme ClusterSsd Block Config Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- LocalSsd intCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- LocalSsd stringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- LoggingVariant string
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- MachineType string
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- MaxRun stringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- Metadata Dictionary<string, string>
- The metadata key/value pairs assigned to instances in
the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value (disable-legacy-endpoints = true) explicitly in your config.
- MinCpu stringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- NodeGroup string
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- OauthScopes List<string>
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs. See the official documentation for information on migrating off of legacy access scopes.
- Preemptible bool
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- ReservationAffinity ClusterNode Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- ResourceLabels Dictionary<string, string>
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- ResourceManagerTags Dictionary<string, string>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
- SandboxConfig ClusterNode Config Sandbox Config 
- Sandbox configuration for this node.
- SecondaryBoot List<ClusterDisks Node Config Secondary Boot Disk> 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- ServiceAccount string
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- ShieldedInstance ClusterConfig Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- SoleTenant ClusterConfig Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. The node_affinity structure is documented below.
- Spot bool
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- StoragePools List<string>
- The list of Storage Pools where boot disks are provisioned.
- Tags List<string>
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- Taints
List<ClusterNode Config Taint> 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
- WorkloadMetadata ClusterConfig Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- AdvancedMachine ClusterFeatures Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- BootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- ConfidentialNodes ClusterNode Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ContainerdConfig ClusterNode Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- DiskSize intGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- DiskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- EffectiveTaints []ClusterNode Config Effective Taint 
- List of kubernetes taints applied to each node. Structure is documented above.
- EnableConfidential boolStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- EphemeralStorage ClusterConfig Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- EphemeralStorage ClusterLocal Ssd Config Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- FastSocket ClusterNode Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- GcfsConfig ClusterNode Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- GuestAccelerators []ClusterNode Config Guest Accelerator 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- Gvnic
ClusterNode Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later Structure is documented below.
- HostMaintenance ClusterPolicy Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run on.
- ImageType string
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- KubeletConfig ClusterNode Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below. kubelet_config { cpu_manager_policy = "static" cpu_cfs_quota = true cpu_cfs_quota_period = "100us" pod_pids_limit = 1024 }
- Labels map[string]string
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- LinuxNode ClusterConfig Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- LocalNvme ClusterSsd Block Config Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- LocalSsd intCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- LocalSsd stringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- LoggingVariant string
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- MachineType string
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- MaxRun stringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- Metadata map[string]string
- The metadata key/value pairs assigned to instances in
the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value (disable-legacy-endpoints = true) explicitly in your config.
- MinCpu stringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- NodeGroup string
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- OauthScopes []string
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs. See the official documentation for information on migrating off of legacy access scopes.
- Preemptible bool
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- ReservationAffinity ClusterNode Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- ResourceLabels map[string]string
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- ResourceManagerTags map[string]string
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
- SandboxConfig ClusterNode Config Sandbox Config 
- Sandbox configuration for this node.
- SecondaryBoot []ClusterDisks Node Config Secondary Boot Disk 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- ServiceAccount string
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- ShieldedInstance ClusterConfig Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- SoleTenant ClusterConfig Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. The node_affinity structure is documented below.
- Spot bool
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- StoragePools []string
- The list of Storage Pools where boot disks are provisioned.
- Tags []string
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- Taints
[]ClusterNode Config Taint 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
- WorkloadMetadata ClusterConfig Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advancedMachine ClusterFeatures Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- bootDisk StringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidentialNodes ClusterNode Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerdConfig ClusterNode Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- diskSize IntegerGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- diskType String
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effectiveTaints List<ClusterNode Config Effective Taint> 
- List of kubernetes taints applied to each node. Structure is documented above.
- enableConfidential BooleanStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeralStorage ClusterConfig Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeralStorage ClusterLocal Ssd Config Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fastSocket ClusterNode Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfsConfig ClusterNode Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guestAccelerators List<ClusterNode Config Guest Accelerator> 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic
ClusterNode Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later Structure is documented below.
- hostMaintenance ClusterPolicy Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run on.
- imageType String
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubeletConfig ClusterNode Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below. kubelet_config { cpu_manager_policy = "static" cpu_cfs_quota = true cpu_cfs_quota_period = "100us" pod_pids_limit = 1024 }
- labels Map<String,String>
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linuxNode ClusterConfig Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- localNvme ClusterSsd Block Config Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- localSsd IntegerCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- localSsd StringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- loggingVariant String
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machineType String
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- maxRun StringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata Map<String,String>
- The metadata key/value pairs assigned to instances in
the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value (disable-legacy-endpoints = true) explicitly in your config.
- minCpu StringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- nodeGroup String
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauthScopes List<String>
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs. See the official documentation for information on migrating off of legacy access scopes.
- preemptible Boolean
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservationAffinity ClusterNode Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resourceLabels Map<String,String>
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resourceManagerTags Map<String,String>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
- sandboxConfig ClusterNode Config Sandbox Config 
- Sandbox configuration for this node.
- secondaryBoot List<ClusterDisks Node Config Secondary Boot Disk> 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- serviceAccount String
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shieldedInstance ClusterConfig Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- soleTenant ClusterConfig Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. The node_affinity structure is documented below.
- spot Boolean
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storagePools List<String>
- The list of Storage Pools where boot disks are provisioned.
- tags List<String>
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints
List<ClusterNode Config Taint> 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
- workloadMetadata ClusterConfig Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advancedMachine ClusterFeatures Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- bootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidentialNodes ClusterNode Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerdConfig ClusterNode Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- diskSize numberGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- diskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effectiveTaints ClusterNode Config Effective Taint[] 
- List of kubernetes taints applied to each node. Structure is documented above.
- enableConfidential booleanStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeralStorage ClusterConfig Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeralStorage ClusterLocal Ssd Config Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fastSocket ClusterNode Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfsConfig ClusterNode Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version` from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum `node_version` would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A `machine_type` that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guestAccelerators ClusterNode Config Guest Accelerator[] 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic
ClusterNode Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later Structure is documented below.
- hostMaintenance ClusterPolicy Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run on.
- imageType string
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubeletConfig ClusterNode Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below.
kubelet_config {
  cpu_manager_policy = "static"
  cpu_cfs_quota = true
  cpu_cfs_quota_period = "100us"
  pod_pids_limit = 1024
}
- labels {[key: string]: string}
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linuxNode ClusterConfig Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- localNvme ClusterSsd Block Config Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- localSsd numberCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- localSsd stringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- loggingVariant string
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machineType string
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- maxRun stringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata {[key: string]: string}
- The metadata key/value pairs assigned to instances in
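the cluster. From GKE 1.12 onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config (that is, include the `disable-legacy-endpoints` key with the value `true` in your `metadata` map, so the legacy metadata endpoints stay disabled).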
- minCpu stringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- nodeGroup string
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauthScopes string[]
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. See the official documentation for information on migrating off of legacy access scopes.
- preemptible boolean
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservationAffinity ClusterNode Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resourceLabels {[key: string]: string}
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resourceManagerTags {[key: string]: string}
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- sandboxConfig ClusterNode Config Sandbox Config 
- Sandbox configuration for this node.
- secondaryBoot ClusterDisks Node Config Secondary Boot Disk[] 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. `gcfs_config` must be `enabled=true` for this feature to work. `min_master_version` must also be set to use GKE 1.28.3-gke.106700 or later versions.
- serviceAccount string
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shieldedInstance ClusterConfig Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- soleTenant ClusterConfig Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. `node_affinity` structure is documented below.
- spot boolean
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storagePools string[]
- The list of Storage Pools where boot disks are provisioned.
- tags string[]
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints
ClusterNode Config Taint[] 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, `lifecycle.ignore_changes` is recommended. Structure is documented below.
- workloadMetadata ClusterConfig Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advanced_machine_ Clusterfeatures Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- boot_disk_ strkms_ key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidential_nodes ClusterNode Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerd_config ClusterNode Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- disk_size_ intgb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- disk_type str
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effective_taints Sequence[ClusterNode Config Effective Taint] 
- List of kubernetes taints applied to each node. Structure is documented above.
- enable_confidential_ boolstorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeral_storage_ Clusterconfig Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeral_storage_ Clusterlocal_ ssd_ config Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fast_socket ClusterNode Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfs_config ClusterNode Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version` from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum `node_version` would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A `machine_type` that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guest_accelerators Sequence[ClusterNode Config Guest Accelerator] 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic
ClusterNode Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later Structure is documented below.
- host_maintenance_ Clusterpolicy Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run on.
- image_type str
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubelet_config ClusterNode Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below.
kubelet_config {
  cpu_manager_policy = "static"
  cpu_cfs_quota = true
  cpu_cfs_quota_period = "100us"
  pod_pids_limit = 1024
}
- labels Mapping[str, str]
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linux_node_ Clusterconfig Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- local_nvme_ Clusterssd_ block_ config Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- local_ssd_ intcount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- local_ssd_ strencryption_ mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- logging_variant str
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machine_type str
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- max_run_ strduration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata Mapping[str, str]
- The metadata key/value pairs assigned to instances in
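the cluster. From GKE 1.12 onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config (that is, include the `disable-legacy-endpoints` key with the value `true` in your `metadata` map, so the legacy metadata endpoints stay disabled).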
- min_cpu_ strplatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- node_group str
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauth_scopes Sequence[str]
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. See the official documentation for information on migrating off of legacy access scopes.
- preemptible bool
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservation_affinity ClusterNode Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resource_labels Mapping[str, str]
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resource_manager_tags Mapping[str, str]
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- sandbox_config ClusterNode Config Sandbox Config 
- Sandbox configuration for this node.
- secondary_boot_ Sequence[Clusterdisks Node Config Secondary Boot Disk] 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. `gcfs_config` must be `enabled=true` for this feature to work. `min_master_version` must also be set to use GKE 1.28.3-gke.106700 or later versions.
- service_account str
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shielded_instance_ Clusterconfig Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- sole_tenant_ Clusterconfig Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. `node_affinity` structure is documented below.
- spot bool
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storage_pools Sequence[str]
- The list of Storage Pools where boot disks are provisioned.
- tags Sequence[str]
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints
Sequence[ClusterNode Config Taint] 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, `lifecycle.ignore_changes` is recommended. Structure is documented below.
- workload_metadata_ Clusterconfig Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advancedMachine Property MapFeatures 
- Specifies options for controlling advanced machine features. Structure is documented below.
- bootDisk StringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidentialNodes Property Map
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerdConfig Property Map
- Parameters to customize containerd runtime. Structure is documented below.
- diskSize NumberGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- diskType String
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effectiveTaints List<Property Map>
- List of kubernetes taints applied to each node. Structure is documented above.
- enableConfidential BooleanStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeralStorage Property MapConfig 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeralStorage Property MapLocal Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fastSocket Property Map
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfsConfig Property Map
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version` from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum `node_version` would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A `machine_type` that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guestAccelerators List<Property Map>
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic Property Map
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later Structure is documented below.
- hostMaintenance Property MapPolicy 
- The maintenance policy for the hosts on which the GKE VMs run on.
- imageType String
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubeletConfig Property Map
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below.
kubelet_config {
  cpu_manager_policy = "static"
  cpu_cfs_quota = true
  cpu_cfs_quota_period = "100us"
  pod_pids_limit = 1024
}
- labels Map<String>
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linuxNode Property MapConfig 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- localNvme Property MapSsd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- localSsd NumberCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- localSsd StringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- loggingVariant String
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machineType String
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- maxRun StringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata Map<String>
- The metadata key/value pairs assigned to instances in
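the cluster. From GKE 1.12 onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config (that is, include the `disable-legacy-endpoints` key with the value `true` in your `metadata` map, so the legacy metadata endpoints stay disabled).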
- minCpu StringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- nodeGroup String
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauthScopes List<String>
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. See the official documentation for information on migrating off of legacy access scopes.
- preemptible Boolean
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservationAffinity Property Map
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resourceLabels Map<String>
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resourceManagerTags Map<String>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- sandboxConfig Property Map
- Sandbox configuration for this node.
- secondaryBoot List<Property Map>Disks 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. `gcfs_config` must be `enabled=true` for this feature to work. `min_master_version` must also be set to use GKE 1.28.3-gke.106700 or later versions.
- serviceAccount String
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shieldedInstance Property MapConfig 
- Shielded Instance options. Structure is documented below.
- soleTenant Property MapConfig 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. `node_affinity` structure is documented below.
- spot Boolean
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storagePools List<String>
- The list of Storage Pools where boot disks are provisioned.
- tags List<String>
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints List<Property Map>
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, `lifecycle.ignore_changes` is recommended. Structure is documented below.
- workloadMetadata Property MapConfig 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
ClusterNodeConfigAdvancedMachineFeatures, ClusterNodeConfigAdvancedMachineFeaturesArgs            
- ThreadsPer intCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- EnableNested boolVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- ThreadsPer intCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- EnableNested boolVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threadsPer IntegerCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enableNested BooleanVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threadsPer numberCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enableNested booleanVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threads_per_ intcore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enable_nested_ boolvirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threadsPer NumberCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enableNested BooleanVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
ClusterNodeConfigConfidentialNodes, ClusterNodeConfigConfidentialNodesArgs          
- Enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- Enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled Boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled Boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
ClusterNodeConfigContainerdConfig, ClusterNodeConfigContainerdConfigArgs          
- PrivateRegistry ClusterAccess Config Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- PrivateRegistry ClusterAccess Config Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry ClusterAccess Config Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry ClusterAccess Config Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- private_registry_ Clusteraccess_ config Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry Property MapAccess Config 
- Configuration for private container registries. There are two fields in this config:
ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfig, ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs                  
- Enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
List<ClusterNode Config Containerd Config Private Registry Access Config Certificate Authority Domain Config> 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- Enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
[]ClusterNode Config Containerd Config Private Registry Access Config Certificate Authority Domain Config 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled Boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
List<ClusterNode Config Containerd Config Private Registry Access Config Certificate Authority Domain Config> 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
ClusterNode Config Containerd Config Private Registry Access Config Certificate Authority Domain Config[] 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
Sequence[ClusterNode Config Containerd Config Private Registry Access Config Certificate Authority Domain Config] 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled Boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- List<Property Map>
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig, ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs                          
- Fqdns List<string>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- GcpSecret ClusterManager Certificate Config Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- Fqdns []string
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- GcpSecret ClusterManager Certificate Config Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns List<String>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret ClusterManager Certificate Config Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns string[]
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret ClusterManager Certificate Config Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns Sequence[str]
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcp_secret_ Clustermanager_ certificate_ config Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns List<String>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret Property MapManager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig, ClusterNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs                                    
- SecretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- SecretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri String
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secret_uri str
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri String
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
ClusterNodeConfigEffectiveTaint, ClusterNodeConfigEffectiveTaintArgs          
ClusterNodeConfigEphemeralStorageConfig, ClusterNodeConfigEphemeralStorageConfigArgs            
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd IntegerCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd numberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- local_ssd_ intcount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd NumberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
ClusterNodeConfigEphemeralStorageLocalSsdConfig, ClusterNodeConfigEphemeralStorageLocalSsdConfigArgs                
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd IntegerCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd numberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- local_ssd_ intcount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd NumberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
ClusterNodeConfigFastSocket, ClusterNodeConfigFastSocketArgs          
- Enabled bool
- Whether or not the NCCL Fast Socket is enabled
- Enabled bool
- Whether or not the NCCL Fast Socket is enabled
- enabled Boolean
- Whether or not the NCCL Fast Socket is enabled
- enabled boolean
- Whether or not the NCCL Fast Socket is enabled
- enabled bool
- Whether or not the NCCL Fast Socket is enabled
- enabled Boolean
- Whether or not the NCCL Fast Socket is enabled
ClusterNodeConfigGcfsConfig, ClusterNodeConfigGcfsConfigArgs          
- Enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- Enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled Boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled Boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
ClusterNodeConfigGuestAccelerator, ClusterNodeConfigGuestAcceleratorArgs          
- Count int
- The number of the guest accelerator cards exposed to this instance.
- Type string
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- GpuDriver ClusterInstallation Config Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- GpuPartition stringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- GpuSharing ClusterConfig Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- Count int
- The number of the guest accelerator cards exposed to this instance.
- Type string
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- GpuDriver ClusterInstallation Config Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- GpuPartition stringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- GpuSharing ClusterConfig Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count Integer
- The number of the guest accelerator cards exposed to this instance.
- type String
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpuDriver ClusterInstallation Config Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpuPartition StringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpuSharing ClusterConfig Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count number
- The number of the guest accelerator cards exposed to this instance.
- type string
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpuDriver ClusterInstallation Config Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpuPartition stringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpuSharing ClusterConfig Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count int
- The number of the guest accelerator cards exposed to this instance.
- type str
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpu_driver_ Clusterinstallation_ config Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpu_partition_ strsize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpu_sharing_ Clusterconfig Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count Number
- The number of the guest accelerator cards exposed to this instance.
- type String
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpuDriver Property MapInstallation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpuPartition StringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpuSharing Property MapConfig 
- Configuration for GPU sharing. Structure is documented below.
ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfig, ClusterNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs                  
- GpuDriverVersion string
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- GpuDriverVersion string
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpuDriverVersion String
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpuDriverVersion string
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpu_driver_version str
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpuDriverVersion String
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
ClusterNodeConfigGuestAcceleratorGpuSharingConfig, ClusterNodeConfigGuestAcceleratorGpuSharingConfigArgs                
- GpuSharingStrategy string
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
 
- int
- The maximum number of containers that can share a GPU.
- GpuSharingStrategy string
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
 
- int
- The maximum number of containers that can share a GPU.
- gpuSharingStrategy String
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
 
- Integer
- The maximum number of containers that can share a GPU.
- gpuSharingStrategy string
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
 
- number
- The maximum number of containers that can share a GPU.
- gpu_sharing_strategy str
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
 
- int
- The maximum number of containers that can share a GPU.
- gpuSharingStrategy String
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
 
- Number
- The maximum number of containers that can share a GPU.
ClusterNodeConfigGvnic, ClusterNodeConfigGvnicArgs        
- Enabled bool
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- Enabled bool
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled Boolean
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled boolean
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled bool
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled Boolean
- Whether or not the Google Virtual NIC (gVNIC) is enabled
ClusterNodeConfigHostMaintenancePolicy, ClusterNodeConfigHostMaintenancePolicyArgs            
- MaintenanceInterval string
- .
- MaintenanceInterval string
- .
- maintenanceInterval String
- .
- maintenanceInterval string
- .
- maintenance_interval str
- .
- maintenanceInterval String
- .
ClusterNodeConfigKubeletConfig, ClusterNodeConfigKubeletConfigArgs          
- AllowedUnsafeSysctls List<string>
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default, so list only the ones a workload needs.
- ContainerLog intMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- ContainerLogMaxSize string
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- CpuCfs boolQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- CpuCfs stringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- CpuManagerPolicy string
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required; the workaround is to set the empty string "", which functions identically to not setting this field.
- ImageGc intHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- ImageGc intLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- ImageMaximumGcAge string
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m", and "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- ImageMinimumGcAge string
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
- PodPids intLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
- AllowedUnsafeSysctls []string
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default, so list only the ones a workload needs.
- ContainerLog intMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- ContainerLogMaxSize string
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- CpuCfs boolQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- CpuCfs stringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- CpuManagerPolicy string
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required; the workaround is to set the empty string "", which functions identically to not setting this field.
- ImageGc intHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- ImageGc intLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- ImageMaximumGcAge string
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m", and "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- ImageMinimumGcAge string
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
- PodPids intLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
- allowedUnsafeSysctls List<String>
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default, so list only the ones a workload needs.
- containerLog IntegerMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- containerLogMaxSize String
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpuCfs BooleanQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpuCfs StringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpuManagerPolicy String
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required; the workaround is to set the empty string "", which functions identically to not setting this field.
- imageGc IntegerHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- imageGc IntegerLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- imageMaximumGcAge String
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m", and "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- imageMinimumGcAge String
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
- podPids IntegerLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
- allowedUnsafeSysctls string[]
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default, so list only the ones a workload needs.
- containerLog numberMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- containerLogMaxSize string
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpuCfs booleanQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpuCfs stringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpuManagerPolicy string
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required; the workaround is to set the empty string "", which functions identically to not setting this field.
- imageGc numberHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- imageGc numberLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- imageMaximumGcAge string
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m", and "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- imageMinimumGcAge string
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
- insecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication or authorization. Possible values: TRUE, FALSE.
- podPids numberLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
- allowed_unsafe_sysctls Sequence[str]
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default, so list only the ones a workload needs.
- container_log_ intmax_ files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- container_log_max_size str
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpu_cfs_ boolquota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpu_cfs_ strquota_ period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpu_manager_policy str
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required; the workaround is to set the empty string "", which functions identically to not setting this field.
- image_gc_ inthigh_ threshold_ percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- image_gc_ intlow_ threshold_ percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- image_maximum_gc_age str
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m", and "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- image_minimum_gc_age str
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
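- insecure_kubelet_readonly_port_enabled str
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE: the read-only port (10255) serves node and pod information over plain HTTP without authentication or authorization. Possible values: TRUE, FALSE.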
- pod_pids_ intlimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
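- allowedUnsafeSysctls List<String>
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default because they can affect other pods on the node or the node's health, so allow only the specific sysctls a workload needs.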
- containerLog NumberMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- containerLogMaxSize String
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpuCfs BooleanQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpuCfs StringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpuManagerPolicy String
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which functions identically to not setting this field.
- imageGc NumberHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- imageGc NumberLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- imageMaximumGcAge String
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m", and "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- imageMinimumGcAge String
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
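- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE: the read-only port (10255) serves node and pod information over plain HTTP without authentication or authorization. Possible values: TRUE, FALSE.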
- podPids NumberLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
ClusterNodeConfigLinuxNodeConfig, ClusterNodeConfigLinuxNodeConfigArgs            
- CgroupMode string
- Possible cgroup modes that can be used. Accepted values are:
- CGROUP_MODE_UNSPECIFIED: The cgroup configuration is left unspecified; the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- HugepagesConfig ClusterNode Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- Sysctls Dictionary<string, string>
- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
- CgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- HugepagesConfig ClusterNode Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- Sysctls map[string]string
- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
- cgroupMode String
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepagesConfig ClusterNode Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls Map<String,String>
- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
- cgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepagesConfig ClusterNode Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls {[key: string]: string}
- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
- cgroup_mode str
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepages_config ClusterNode Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls Mapping[str, str]
- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
- cgroupMode String
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepagesConfig Property Map
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls Map<String>
- The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that all validation happens server-side. All attributes are optional.
ClusterNodeConfigLinuxNodeConfigHugepagesConfig, ClusterNodeConfigLinuxNodeConfigHugepagesConfigArgs                
- HugepageSize1g int
- Amount of 1G hugepages.
- HugepageSize2m int
- Amount of 2M hugepages.
- HugepageSize1g int
- Amount of 1G hugepages.
- HugepageSize2m int
- Amount of 2M hugepages.
- hugepageSize1g Integer
- Amount of 1G hugepages.
- hugepageSize2m Integer
- Amount of 2M hugepages.
- hugepageSize1g number
- Amount of 1G hugepages.
- hugepageSize2m number
- Amount of 2M hugepages.
- hugepage_size1g int
- Amount of 1G hugepages.
- hugepage_size2m int
- Amount of 2M hugepages.
- hugepageSize1g Number
- Amount of 1G hugepages.
- hugepageSize2m Number
- Amount of 2M hugepages.
ClusterNodeConfigLocalNvmeSsdBlockConfig, ClusterNodeConfigLocalNvmeSsdBlockConfigArgs                
- LocalSsdCount int
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, no raw-block local NVMe SSD disks are attached to the node. Note: Local NVMe SSD storage is available in GKE versions v1.25.3-gke.1800 and later.
- LocalSsd intCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- localSsd IntegerCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- localSsd numberCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- local_ssd_ intcount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- localSsd NumberCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
ClusterNodeConfigReservationAffinity, ClusterNodeConfigReservationAffinityArgs          
- ConsumeReservationType string
- The type of reservation consumption. Accepted values are:
- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. The key and values fields must be specified to identify the reservations.
 
- Key string
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- Values List<string>
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- ConsumeReservation stringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- Key string
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- Values []string
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consumeReservation StringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key String
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values List<String>
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consumeReservation stringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key string
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values string[]
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consume_reservation_ strtype 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key str
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values Sequence[str]
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consumeReservation StringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key String
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values List<String>
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
ClusterNodeConfigSandboxConfig, ClusterNodeConfigSandboxConfigArgs          
- SandboxType string
- Which sandbox to use for pods in the node pool. Accepted values are:
- "gvisor": Pods run within a gVisor sandbox.
 
- SandboxType string
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandboxType String
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandboxType string
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandbox_type str
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandboxType String
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
ClusterNodeConfigSecondaryBootDisk, ClusterNodeConfigSecondaryBootDiskArgs            
- DiskImage string
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- Mode string
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- DiskImage string
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- Mode string
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- diskImage String
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode String
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- diskImage string
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode string
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- disk_image str
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode str
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- diskImage String
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode String
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
ClusterNodeConfigShieldedInstanceConfig, ClusterNodeConfigShieldedInstanceConfigArgs            
- EnableIntegrityMonitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- EnableSecureBoot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly on node pools that should enforce boot-component signature verification.
- EnableIntegrityMonitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- EnableSecureBoot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly on node pools that should enforce boot-component signature verification.
- enableIntegrityMonitoring Boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enableSecureBoot Boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly on node pools that should enforce boot-component signature verification.
- enableIntegrityMonitoring boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enableSecureBoot boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly on node pools that should enforce boot-component signature verification.
- enable_integrity_monitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enable_secure_boot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly on node pools that should enforce boot-component signature verification.
- enableIntegrityMonitoring Boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enableSecureBoot Boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly on node pools that should enforce boot-component signature verification.
ClusterNodeConfigSoleTenantConfig, ClusterNodeConfigSoleTenantConfigArgs            
ClusterNodeConfigSoleTenantConfigNodeAffinity, ClusterNodeConfigSoleTenantConfigNodeAffinityArgs                
ClusterNodeConfigTaint, ClusterNodeConfigTaintArgs        
ClusterNodeConfigWorkloadMetadataConfig, ClusterNodeConfigWorkloadMetadataConfigArgs            
- Mode string
- How to expose the node metadata to the workload running on the node. Accepted values are:
- UNSPECIFIED: Not set.
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so any pod on the node can act with that account's permissions.
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- Mode string
- How to expose the node metadata to the workload running on the node. Accepted values are:
- UNSPECIFIED: Not set.
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so any pod on the node can act with that account's permissions.
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode String
- How to expose the node metadata to the workload running on the node. Accepted values are:
- UNSPECIFIED: Not set.
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so any pod on the node can act with that account's permissions.
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode string
- How to expose the node metadata to the workload running on the node. Accepted values are:
- UNSPECIFIED: Not set.
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so any pod on the node can act with that account's permissions.
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode str
- How to expose the node metadata to the workload running on the node. Accepted values are:
- UNSPECIFIED: Not set.
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so any pod on the node can act with that account's permissions.
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode String
- How to expose the node metadata to the workload running on the node. Accepted values are:
- UNSPECIFIED: Not set.
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the credentials of the node's service account, so any pod on the node can act with that account's permissions.
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
ClusterNodePool, ClusterNodePoolArgs      
- Autoscaling
ClusterNode Pool Autoscaling 
- Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- InitialNodeCount int
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
- InstanceGroup List<string>Urls 
- The resource URLs of the managed instance groups associated with this node pool.
- ManagedInstance List<string>Group Urls 
- List of instance group URLs which have been assigned to this node pool.
- Management
ClusterNode Pool Management 
- Node management configuration, wherein auto-repair and auto-upgrade are configured.
- MaxPods intPer Node 
- The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
- Name string
- The name of the cluster, unique within the project and
location.
- NamePrefix string
- Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
- NetworkConfig ClusterNodePoolNetworkConfig
- Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
- NodeConfig ClusterNodePoolNodeConfig
- Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- NodeCount int
- The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
- NodeLocations List<string>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- PlacementPolicy ClusterNode Pool Placement Policy 
- Specifies the node placement policy
- QueuedProvisioning ClusterNode Pool Queued Provisioning 
- Specifies the configuration of queued provisioning
- UpgradeSettings ClusterNode Pool Upgrade Settings 
- Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
- Version string
- Autoscaling
ClusterNode Pool Autoscaling 
- Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- InitialNodeCount int
- The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
- InstanceGroup []stringUrls 
- The resource URLs of the managed instance groups associated with this node pool.
- ManagedInstance []stringGroup Urls 
- List of instance group URLs which have been assigned to this node pool.
- Management
ClusterNode Pool Management 
- Node management configuration, wherein auto-repair and auto-upgrade is configured.
- MaxPods intPer Node 
- The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
- Name string
- The name of the cluster, unique within the project and
location.
- NamePrefix string
- Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
- NetworkConfig ClusterNode Pool Network Config 
- Configuration for Adding Pod IP address ranges) to the node pool. Structure is documented below
- NodeConfig ClusterNode Pool Node Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
gcp.container.NodePoolor anode_poolblock; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- NodeCount int
- The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
- NodeLocations []string
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- PlacementPolicy ClusterNode Pool Placement Policy 
- Specifies the node placement policy
- QueuedProvisioning ClusterNode Pool Queued Provisioning 
- Specifies the configuration of queued provisioning
- UpgradeSettings ClusterNode Pool Upgrade Settings 
- Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
- Version string
- autoscaling
ClusterNode Pool Autoscaling 
- Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- initialNodeCount Integer
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- instanceGroup List<String>Urls 
- The resource URLs of the managed instance groups associated with this node pool.
- managedInstance List<String>Group Urls 
- List of instance group URLs which have been assigned to this node pool.
- management
ClusterNode Pool Management 
- Node management configuration, wherein auto-repair and auto-upgrade is configured.
- maxPods IntegerPer Node 
- The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
- name String
- The name of the cluster, unique within the project and
location.
- namePrefix String
- Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
- networkConfig ClusterNode Pool Network Config 
- Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
- nodeConfig ClusterNode Pool Node Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeCount Integer
- The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
- nodeLocations List<String>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- placementPolicy ClusterNode Pool Placement Policy 
- Specifies the node placement policy
- queuedProvisioning ClusterNode Pool Queued Provisioning 
- Specifies the configuration of queued provisioning
- upgradeSettings ClusterNode Pool Upgrade Settings 
- Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
- version String
- autoscaling
ClusterNode Pool Autoscaling 
- Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- initialNodeCount number
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- instanceGroup string[]Urls 
- The resource URLs of the managed instance groups associated with this node pool.
- managedInstance string[]Group Urls 
- List of instance group URLs which have been assigned to this node pool.
- management
ClusterNode Pool Management 
- Node management configuration, wherein auto-repair and auto-upgrade is configured.
- maxPods numberPer Node 
- The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
- name string
- The name of the cluster, unique within the project and
location.
- namePrefix string
- Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
- networkConfig ClusterNode Pool Network Config 
- Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
- nodeConfig ClusterNode Pool Node Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeCount number
- The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
- nodeLocations string[]
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- placementPolicy ClusterNode Pool Placement Policy 
- Specifies the node placement policy
- queuedProvisioning ClusterNode Pool Queued Provisioning 
- Specifies the configuration of queued provisioning
- upgradeSettings ClusterNode Pool Upgrade Settings 
- Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
- version string
- autoscaling
ClusterNode Pool Autoscaling 
- Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- initial_node_count int
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- instance_group_ Sequence[str]urls 
- The resource URLs of the managed instance groups associated with this node pool.
- managed_instance_ Sequence[str]group_ urls 
- List of instance group URLs which have been assigned to this node pool.
- management
ClusterNode Pool Management 
- Node management configuration, wherein auto-repair and auto-upgrade is configured.
- max_pods_ intper_ node 
- The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
- name str
- The name of the cluster, unique within the project and
location.
- name_prefix str
- Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
- network_config ClusterNode Pool Network Config 
- Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
- node_config ClusterNode Pool Node Config 
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- node_count int
- The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
- node_locations Sequence[str]
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- placement_policy ClusterNode Pool Placement Policy 
- Specifies the node placement policy
- queued_provisioning ClusterNode Pool Queued Provisioning 
- Specifies the configuration of queued provisioning
- upgrade_settings ClusterNode Pool Upgrade Settings 
- Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
- version str
- autoscaling Property Map
- Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- initialNodeCount Number
- The number of nodes to create in this
cluster's default node pool. In regional or multi-zonal clusters, this is the
number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- instanceGroup List<String>Urls 
- The resource URLs of the managed instance groups associated with this node pool.
- managedInstance List<String>Group Urls 
- List of instance group URLs which have been assigned to this node pool.
- management Property Map
- Node management configuration, wherein auto-repair and auto-upgrade is configured.
- maxPods NumberPer Node 
- The maximum number of pods per node in this node pool. Note that this does not work on node pools which are "route-based" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.
- name String
- The name of the cluster, unique within the project and
location.
- namePrefix String
- Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.
- networkConfig Property Map
- Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.
- nodeConfig Property Map
- Parameters used in creating the default node pool.
Generally, this field should not be used at the same time as a
`gcp.container.NodePool` or a `node_pool` block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
- nodeCount Number
- The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.
- nodeLocations List<String>
- The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone. - A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. 
- placementPolicy Property Map
- Specifies the node placement policy
- queuedProvisioning Property Map
- Specifies the configuration of queued provisioning
- upgradeSettings Property Map
- Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.
- version String
ClusterNodePoolAutoConfig, ClusterNodePoolAutoConfigArgs          
- LinuxNodeConfig ClusterNodePoolAutoConfigLinuxNodeConfig
- Linux system configuration for the cluster's automatically provisioned node pools. Only the `cgroup_mode` field is supported in `node_pool_auto_config`. Structure is documented below.
- NetworkTags ClusterNodePoolAutoConfigNetworkTags
- The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
- NodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
- Kubelet configuration for Autopilot clusters. Currently, only `insecure_kubelet_readonly_port_enabled` is supported here. Structure is documented below.
- ResourceManagerTags Dictionary<string, string>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats (`[KEY]=[VALUE]`): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- LinuxNodeConfig ClusterNodePoolAutoConfigLinuxNodeConfig
- Linux system configuration for the cluster's automatically provisioned node pools. Only the `cgroup_mode` field is supported in `node_pool_auto_config`. Structure is documented below.
- NetworkTags ClusterNodePoolAutoConfigNetworkTags
- The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
- NodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
- Kubelet configuration for Autopilot clusters. Currently, only `insecure_kubelet_readonly_port_enabled` is supported here. Structure is documented below.
- ResourceManagerTags map[string]string
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats (`[KEY]=[VALUE]`): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- linuxNodeConfig ClusterNodePoolAutoConfigLinuxNodeConfig
- Linux system configuration for the cluster's automatically provisioned node pools. Only the `cgroup_mode` field is supported in `node_pool_auto_config`. Structure is documented below.
- networkTags ClusterNodePoolAutoConfigNetworkTags
- The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
- nodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
- Kubelet configuration for Autopilot clusters. Currently, only `insecure_kubelet_readonly_port_enabled` is supported here. Structure is documented below.
- resourceManagerTags Map<String,String>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats (`[KEY]=[VALUE]`): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- linuxNodeConfig ClusterNodePoolAutoConfigLinuxNodeConfig
- Linux system configuration for the cluster's automatically provisioned node pools. Only the `cgroup_mode` field is supported in `node_pool_auto_config`. Structure is documented below.
- networkTags ClusterNodePoolAutoConfigNetworkTags
- The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
- nodeKubeletConfig ClusterNodePoolAutoConfigNodeKubeletConfig
- Kubelet configuration for Autopilot clusters. Currently, only `insecure_kubelet_readonly_port_enabled` is supported here. Structure is documented below.
- resourceManagerTags {[key: string]: string}
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats (`[KEY]=[VALUE]`): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- linux_node_config ClusterNodePoolAutoConfigLinuxNodeConfig
- Linux system configuration for the cluster's automatically provisioned node pools. Only the `cgroup_mode` field is supported in `node_pool_auto_config`. Structure is documented below.
- network_tags ClusterNodePoolAutoConfigNetworkTags
- The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
- node_kubelet_config ClusterNodePoolAutoConfigNodeKubeletConfig
- Kubelet configuration for Autopilot clusters. Currently, only `insecure_kubelet_readonly_port_enabled` is supported here. Structure is documented below.
- resource_manager_tags Mapping[str, str]
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats (`[KEY]=[VALUE]`): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- linuxNodeConfig Property Map
- Linux system configuration for the cluster's automatically provisioned node pools. Only the `cgroup_mode` field is supported in `node_pool_auto_config`. Structure is documented below.
- networkTags Property Map
- The network tag config for the cluster's automatically provisioned node pools. Structure is documented below.
- nodeKubeletConfig Property Map
- Kubelet configuration for Autopilot clusters. Currently, only `insecure_kubelet_readonly_port_enabled` is supported here. Structure is documented below.
- resourceManagerTags Map<String>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats (`[KEY]=[VALUE]`): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
ClusterNodePoolAutoConfigLinuxNodeConfig, ClusterNodePoolAutoConfigLinuxNodeConfigArgs                
- CgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:
- CGROUP_MODE_UNSPECIFIED: no cgroup configuration is specified, so the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- CgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:
- CGROUP_MODE_UNSPECIFIED: no cgroup configuration is specified, so the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- cgroupMode String
- Possible cgroup modes that can be used.
Accepted values are:
- CGROUP_MODE_UNSPECIFIED: no cgroup configuration is specified, so the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- cgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:
- CGROUP_MODE_UNSPECIFIED: no cgroup configuration is specified, so the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- cgroup_mode str
- Possible cgroup modes that can be used.
Accepted values are:
- CGROUP_MODE_UNSPECIFIED: no cgroup configuration is specified, so the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- cgroupMode String
- Possible cgroup modes that can be used.
Accepted values are:
- CGROUP_MODE_UNSPECIFIED: no cgroup configuration is specified, so the default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
ClusterNodePoolAutoConfigNetworkTags, ClusterNodePoolAutoConfigNetworkTagsArgs              
- List<string>
- List of network tags applied to auto-provisioned node pools.
- []string
- List of network tags applied to auto-provisioned node pools.
- List<String>
- List of network tags applied to auto-provisioned node pools.
- string[]
- List of network tags applied to auto-provisioned node pools.
- Sequence[str]
- List of network tags applied to auto-provisioned node pools.
- List<String>
- List of network tags applied to auto-provisioned node pools.
ClusterNodePoolAutoConfigNodeKubeletConfig, ClusterNodePoolAutoConfigNodeKubeletConfigArgs                
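- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.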
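- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.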
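- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.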
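- insecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.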
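- insecure_kubelet_readonly_port_enabled str
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.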
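- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.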
ClusterNodePoolAutoscaling, ClusterNodePoolAutoscalingArgs        
- LocationPolicy string
- Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
- MaxNode intCount 
- Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
- MinNode intCount 
- Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
- TotalMax intNode Count 
- Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
- TotalMin intNode Count 
- Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
- LocationPolicy string
- Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
- MaxNode intCount 
- Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
- MinNode intCount 
- Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
- TotalMax intNode Count 
- Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
- TotalMin intNode Count 
- Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
- locationPolicy String
- Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
- maxNode IntegerCount 
- Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
- minNode IntegerCount 
- Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
- totalMax IntegerNode Count 
- Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
- totalMin IntegerNode Count 
- Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
- locationPolicy string
- Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
- maxNode numberCount 
- Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
- minNode numberCount 
- Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
- totalMax numberNode Count 
- Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
- totalMin numberNode Count 
- Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
- location_policy str
- Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
- max_node_ intcount 
- Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
- min_node_ intcount 
- Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
- total_max_ intnode_ count 
- Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
- total_min_ intnode_ count 
- Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
- locationPolicy String
- Location policy specifies the algorithm used when scaling-up the node pool. "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.
- maxNode NumberCount 
- Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.
- minNode NumberCount 
- Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.
- totalMax NumberNode Count 
- Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.
- totalMin NumberNode Count 
- Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.
ClusterNodePoolDefaults, ClusterNodePoolDefaultsArgs        
- NodeConfig ClusterDefaults Node Pool Defaults Node Config Defaults 
- Subset of NodeConfig message that has defaults.
- NodeConfig ClusterDefaults Node Pool Defaults Node Config Defaults 
- Subset of NodeConfig message that has defaults.
- nodeConfig ClusterDefaults Node Pool Defaults Node Config Defaults 
- Subset of NodeConfig message that has defaults.
- nodeConfig ClusterDefaults Node Pool Defaults Node Config Defaults 
- Subset of NodeConfig message that has defaults.
- node_config_ Clusterdefaults Node Pool Defaults Node Config Defaults 
- Subset of NodeConfig message that has defaults.
- nodeConfig Property MapDefaults 
- Subset of NodeConfig message that has defaults.
ClusterNodePoolDefaultsNodeConfigDefaults, ClusterNodePoolDefaultsNodeConfigDefaultsArgs              
- ContainerdConfig ClusterNode Pool Defaults Node Config Defaults Containerd Config 
- Parameters for containerd configuration.
- GcfsConfig ClusterNode Pool Defaults Node Config Defaults Gcfs Config 
- The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to `FALSE`, because the read-only port (10255) serves kubelet data without authentication or authorization. Possible values: `TRUE`, `FALSE`.
- LoggingVariant string
- The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- ContainerdConfig ClusterNode Pool Defaults Node Config Defaults Containerd Config 
- Parameters for containerd configuration.
- GcfsConfig ClusterNode Pool Defaults Node Config Defaults Gcfs Config 
- The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication. Possible values: TRUE, FALSE.
- LoggingVariant string
- The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- containerdConfig ClusterNode Pool Defaults Node Config Defaults Containerd Config 
- Parameters for containerd configuration.
- gcfsConfig ClusterNode Pool Defaults Node Config Defaults Gcfs Config 
- The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication. Possible values: TRUE, FALSE.
- loggingVariant String
- The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- containerdConfig ClusterNode Pool Defaults Node Config Defaults Containerd Config 
- Parameters for containerd configuration.
- gcfsConfig ClusterNode Pool Defaults Node Config Defaults Gcfs Config 
- The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
- insecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication. Possible values: TRUE, FALSE.
- loggingVariant string
- The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- containerd_config ClusterNode Pool Defaults Node Config Defaults Containerd Config 
- Parameters for containerd configuration.
- gcfs_config ClusterNode Pool Defaults Node Config Defaults Gcfs Config 
- The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
- insecure_kubelet_readonly_port_enabled str
- Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication. Possible values: TRUE, FALSE.
- logging_variant str
- The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- containerdConfig Property Map
- Parameters for containerd configuration.
- gcfsConfig Property Map
- The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE, because the read-only port serves kubelet data without authentication. Possible values: TRUE, FALSE.
- loggingVariant String
- The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigArgs                  
- PrivateRegistry ClusterAccess Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- PrivateRegistry ClusterAccess Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry ClusterAccess Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry ClusterAccess Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- private_registry_ Clusteraccess_ config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry Property MapAccess Config 
- Configuration for private container registries. There are two fields in this config:
ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigArgs                          
- Enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
List<ClusterNode Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config> 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- Enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
[]ClusterNode Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled Boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
List<ClusterNode Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config> 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
ClusterNode Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config[] 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
Sequence[ClusterNode Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config] 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled Boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- List<Property Map>
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs                                  
- Fqdns List<string>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- GcpSecret ClusterManager Certificate Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- Fqdns []string
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- GcpSecret ClusterManager Certificate Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns List<String>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret ClusterManager Certificate Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns string[]
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret ClusterManager Certificate Config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns Sequence[str]
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcp_secret_ Clustermanager_ certificate_ config Node Pool Defaults Node Config Defaults Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns List<String>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret Property MapManager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig, ClusterNodePoolDefaultsNodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs                                            
- SecretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- SecretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri String
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secret_uri str
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri String
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfig, ClusterNodePoolDefaultsNodeConfigDefaultsGcfsConfigArgs                  
- Enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- Enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled Boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled Boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
ClusterNodePoolManagement, ClusterNodePoolManagementArgs        
- AutoRepair bool
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - This block also contains several computed attributes, documented below. 
- AutoUpgrade bool
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- AutoRepair bool
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - This block also contains several computed attributes, documented below. 
- AutoUpgrade bool
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- autoRepair Boolean
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - This block also contains several computed attributes, documented below. 
- autoUpgrade Boolean
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- autoRepair boolean
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - This block also contains several computed attributes, documented below. 
- autoUpgrade boolean
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- auto_repair bool
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - This block also contains several computed attributes, documented below. 
- auto_upgrade bool
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- autoRepair Boolean
- Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. - This block also contains several computed attributes, documented below. 
- autoUpgrade Boolean
- Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
ClusterNodePoolNetworkConfig, ClusterNodePoolNetworkConfigArgs          
- AdditionalNode List<ClusterNetwork Configs Node Pool Network Config Additional Node Network Config> 
- We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
- AdditionalPod List<ClusterNetwork Configs Node Pool Network Config Additional Pod Network Config> 
- We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
- CreatePodRange bool
- Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
- EnablePrivateNodes bool
- Whether nodes have internal IP addresses only.
- NetworkPerformance ClusterConfig Node Pool Network Config Network Performance Config 
- Network bandwidth tier configuration.
- PodCidr ClusterOverprovision Config Node Pool Network Config Pod Cidr Overprovision Config 
- Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
- PodIpv4CidrBlock string
- The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- PodRange string
- The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
- AdditionalNode []ClusterNetwork Configs Node Pool Network Config Additional Node Network Config 
- We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
- AdditionalPod []ClusterNetwork Configs Node Pool Network Config Additional Pod Network Config 
- We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
- CreatePodRange bool
- Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
- EnablePrivateNodes bool
- Whether nodes have internal IP addresses only.
- NetworkPerformance ClusterConfig Node Pool Network Config Network Performance Config 
- Network bandwidth tier configuration.
- PodCidr ClusterOverprovision Config Node Pool Network Config Pod Cidr Overprovision Config 
- Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
- PodIpv4CidrBlock string
- The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- PodRange string
- The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
- additionalNode List<ClusterNetwork Configs Node Pool Network Config Additional Node Network Config> 
- We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
- additionalPod List<ClusterNetwork Configs Node Pool Network Config Additional Pod Network Config> 
- We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
- createPodRange Boolean
- Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
- enablePrivateNodes Boolean
- Whether nodes have internal IP addresses only.
- networkPerformance ClusterConfig Node Pool Network Config Network Performance Config 
- Network bandwidth tier configuration.
- podCidr ClusterOverprovision Config Node Pool Network Config Pod Cidr Overprovision Config 
- Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
- podIpv4CidrBlock String
- The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- podRange String
- The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
- additionalNode ClusterNetwork Configs Node Pool Network Config Additional Node Network Config[] 
- We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
- additionalPod ClusterNetwork Configs Node Pool Network Config Additional Pod Network Config[] 
- We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
- createPodRange boolean
- Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
- enablePrivateNodes boolean
- Whether nodes have internal IP addresses only.
- networkPerformance ClusterConfig Node Pool Network Config Network Performance Config 
- Network bandwidth tier configuration.
- podCidr ClusterOverprovision Config Node Pool Network Config Pod Cidr Overprovision Config 
- Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
- podIpv4CidrBlock string
- The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- podRange string
- The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
- additional_node_ Sequence[Clusternetwork_ configs Node Pool Network Config Additional Node Network Config] 
- We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
- additional_pod_ Sequence[Clusternetwork_ configs Node Pool Network Config Additional Pod Network Config] 
- We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
- create_pod_range bool
- Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
- enable_private_nodes bool
- Whether nodes have internal IP addresses only.
- network_performance_ Clusterconfig Node Pool Network Config Network Performance Config 
- Network bandwidth tier configuration.
- pod_cidr_ Clusteroverprovision_ config Node Pool Network Config Pod Cidr Overprovision Config 
- Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
- pod_ipv4_cidr_block str
- The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- pod_range str
- The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
- additionalNode List<Property Map>Network Configs 
- We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface
- additionalPod List<Property Map>Network Configs 
- We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node
- createPodRange Boolean
- Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.
- enablePrivateNodes Boolean
- Whether nodes have internal IP addresses only.
- networkPerformance Property MapConfig 
- Network bandwidth tier configuration.
- podCidr Property MapOverprovision Config 
- Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited
- podIpv4CidrBlock String
- The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- podRange String
- The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.
ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfig, ClusterNodePoolNetworkConfigAdditionalNodeNetworkConfigArgs                  
- Network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- Network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- network String
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- network string
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- network str
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- subnetwork str
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- network String
- The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
ClusterNodePoolNetworkConfigAdditionalPodNetworkConfig, ClusterNodePoolNetworkConfigAdditionalPodNetworkConfigArgs                  
- MaxPods intPer Node 
- The maximum number of pods per node which use this pod network.
- SecondaryPod stringRange 
- The name of the secondary range on the subnet which provides IP address for this pod range.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- MaxPods intPer Node 
- The maximum number of pods per node which use this pod network.
- SecondaryPod stringRange 
- The name of the secondary range on the subnet which provides IP address for this pod range.
- Subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- maxPods IntegerPer Node 
- The maximum number of pods per node which use this pod network.
- secondaryPod StringRange 
- The name of the secondary range on the subnet which provides IP address for this pod range.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- maxPods numberPer Node 
- The maximum number of pods per node which use this pod network.
- secondaryPod stringRange 
- The name of the secondary range on the subnet which provides IP address for this pod range.
- subnetwork string
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- max_pods_ intper_ node 
- The maximum number of pods per node which use this pod network.
- secondary_pod_ strrange 
- The name of the secondary range on the subnet which provides IP address for this pod range.
- subnetwork str
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- maxPods NumberPer Node 
- The maximum number of pods per node which use this pod network.
- secondaryPod StringRange 
- The name of the secondary range on the subnet which provides IP address for this pod range.
- subnetwork String
- The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
ClusterNodePoolNetworkConfigNetworkPerformanceConfig, ClusterNodePoolNetworkConfigNetworkPerformanceConfigArgs                
- TotalEgress stringBandwidth Tier 
- Specifies the total network bandwidth tier for the NodePool.
- TotalEgress stringBandwidth Tier 
- Specifies the total network bandwidth tier for the NodePool.
- totalEgress StringBandwidth Tier 
- Specifies the total network bandwidth tier for the NodePool.
- totalEgress stringBandwidth Tier 
- Specifies the total network bandwidth tier for the NodePool.
- total_egress_ strbandwidth_ tier 
- Specifies the total network bandwidth tier for the NodePool.
- totalEgress StringBandwidth Tier 
- Specifies the total network bandwidth tier for the NodePool.
ClusterNodePoolNetworkConfigPodCidrOverprovisionConfig, ClusterNodePoolNetworkConfigPodCidrOverprovisionConfigArgs                  
- Disabled bool
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. - The cluster_telemetry block supports
- Disabled bool
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. - The cluster_telemetry block supports
- disabled Boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. - The cluster_telemetry block supports
- disabled boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. - The cluster_telemetry block supports
- disabled bool
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. - The cluster_telemetry block supports
- disabled Boolean
- Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic. - The cluster_telemetry block supports
ClusterNodePoolNodeConfig, ClusterNodePoolNodeConfigArgs          
- AdvancedMachine ClusterFeatures Node Pool Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- BootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- ConfidentialNodes ClusterNode Pool Node Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ContainerdConfig ClusterNode Pool Node Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- DiskSize intGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- DiskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- EffectiveTaints List<ClusterNode Pool Node Config Effective Taint> 
- List of kubernetes taints applied to each node. Structure is documented above.
- EnableConfidential boolStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- EphemeralStorage ClusterConfig Node Pool Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- EphemeralStorage ClusterLocal Ssd Config Node Pool Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- FastSocket ClusterNode Pool Node Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- GcfsConfig ClusterNode Pool Node Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version` from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum `node_version` would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A `machine_type` that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- GuestAccelerators List<ClusterNode Pool Node Config Guest Accelerator> 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- Gvnic
ClusterNode Pool Node Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later. Structure is documented below.
- HostMaintenance ClusterPolicy Node Pool Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run.
- ImageType string
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- KubeletConfig ClusterNode Pool Node Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below.
kubelet_config {
  cpu_manager_policy   = "static"
  cpu_cfs_quota        = true
  cpu_cfs_quota_period = "100us"
  pod_pids_limit       = 1024
}
- Labels Dictionary<string, string>
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- LinuxNode ClusterConfig Node Pool Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- LocalNvme ClusterSsd Block Config Node Pool Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- LocalSsd intCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- LocalSsd stringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- LoggingVariant string
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- MachineType string
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- MaxRun stringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- Metadata Dictionary<string, string>
- The metadata key/value pairs assigned to instances in
the cluster. From GKE 1.12 onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config (i.e. include `disable-legacy-endpoints` set to `true` in `metadata`).
- MinCpu stringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- NodeGroup string
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- OauthScopes List<string>
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs, so that the nodes' effective access is limited by those roles rather than by the broad scope. See the official documentation for information on migrating off of legacy access scopes.
- Preemptible bool
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- ReservationAffinity ClusterNode Pool Node Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- ResourceLabels Dictionary<string, string>
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- ResourceManagerTags Dictionary<string, string>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- SandboxConfig ClusterNode Pool Node Config Sandbox Config 
- Sandbox configuration for this node.
- SecondaryBoot List<ClusterDisks Node Pool Node Config Secondary Boot Disk> 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. `gcfs_config` must be `enabled=true` for this feature to work. `min_master_version` must also be set to use GKE 1.28.3-gke.106700 or later versions.
- ServiceAccount string
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- ShieldedInstance ClusterConfig Node Pool Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- SoleTenant ClusterConfig Node Pool Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. `node_affinity` structure is documented below.
- Spot bool
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- StoragePools List<string>
- The list of Storage Pools where boot disks are provisioned.
- Tags List<string>
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- Taints
List<ClusterNode Pool Node Config Taint> 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, `lifecycle.ignore_changes` is recommended. Structure is documented below.
- WorkloadMetadata ClusterConfig Node Pool Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- AdvancedMachine ClusterFeatures Node Pool Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- BootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- ConfidentialNodes ClusterNode Pool Node Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- ContainerdConfig ClusterNode Pool Node Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- DiskSize intGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- DiskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- EffectiveTaints []ClusterNode Pool Node Config Effective Taint 
- List of kubernetes taints applied to each node. Structure is documented above.
- EnableConfidential boolStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- EphemeralStorage ClusterConfig Node Pool Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- EphemeralStorage ClusterLocal Ssd Config Node Pool Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- FastSocket ClusterNode Pool Node Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- GcfsConfig ClusterNode Pool Node Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version` from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum `node_version` would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A `machine_type` that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- GuestAccelerators []ClusterNode Pool Node Config Guest Accelerator 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- Gvnic
ClusterNode Pool Node Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later. Structure is documented below.
- HostMaintenance ClusterPolicy Node Pool Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run.
- ImageType string
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- KubeletConfig ClusterNode Pool Node Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below.
kubelet_config {
  cpu_manager_policy   = "static"
  cpu_cfs_quota        = true
  cpu_cfs_quota_period = "100us"
  pod_pids_limit       = 1024
}
- Labels map[string]string
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- LinuxNode ClusterConfig Node Pool Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- LocalNvme ClusterSsd Block Config Node Pool Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- LocalSsd intCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- LocalSsd stringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- LoggingVariant string
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- MachineType string
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- MaxRun stringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- Metadata map[string]string
- The metadata key/value pairs assigned to instances in
the cluster. From GKE 1.12 onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config (i.e. include `disable-legacy-endpoints` set to `true` in `metadata`).
- MinCpu stringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- NodeGroup string
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- OauthScopes []string
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs, so that the nodes' effective access is limited by those roles rather than by the broad scope. See the official documentation for information on migrating off of legacy access scopes.
- Preemptible bool
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- ReservationAffinity ClusterNode Pool Node Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- ResourceLabels map[string]string
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- ResourceManagerTags map[string]string
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- SandboxConfig ClusterNode Pool Node Config Sandbox Config 
- Sandbox configuration for this node.
- SecondaryBoot []ClusterDisks Node Pool Node Config Secondary Boot Disk 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. `gcfs_config` must be `enabled=true` for this feature to work. `min_master_version` must also be set to use GKE 1.28.3-gke.106700 or later versions.
- ServiceAccount string
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- ShieldedInstance ClusterConfig Node Pool Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- SoleTenant ClusterConfig Node Pool Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. `node_affinity` structure is documented below.
- Spot bool
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- StoragePools []string
- The list of Storage Pools where boot disks are provisioned.
- Tags []string
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- Taints
[]ClusterNode Pool Node Config Taint 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, `lifecycle.ignore_changes` is recommended. Structure is documented below.
- WorkloadMetadata ClusterConfig Node Pool Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advancedMachine ClusterFeatures Node Pool Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- bootDisk StringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidentialNodes ClusterNode Pool Node Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerdConfig ClusterNode Pool Node Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- diskSize IntegerGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- diskType String
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effectiveTaints List<ClusterNode Pool Node Config Effective Taint> 
- List of kubernetes taints applied to each node. Structure is documented above.
- enableConfidential BooleanStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeralStorage ClusterConfig Node Pool Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeralStorage ClusterLocal Ssd Config Node Pool Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fastSocket ClusterNode Pool Node Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfsConfig ClusterNode Pool Node Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version` from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum `node_version` would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A `machine_type` that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guestAccelerators List<ClusterNode Pool Node Config Guest Accelerator> 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic
ClusterNode Pool Node Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later. Structure is documented below.
- hostMaintenance ClusterPolicy Node Pool Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run.
- imageType String
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubeletConfig ClusterNode Pool Node Config Kubelet Config 
- Kubelet configuration, currently supported attributes can be found here.
Structure is documented below.
kubelet_config {
  cpu_manager_policy   = "static"
  cpu_cfs_quota        = true
  cpu_cfs_quota_period = "100us"
  pod_pids_limit       = 1024
}
- labels Map<String,String>
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linuxNode ClusterConfig Node Pool Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- localNvme ClusterSsd Block Config Node Pool Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- localSsd IntegerCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- localSsd StringEncryption Mode 
- Possible Local SSD encryption modes:
Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
 
- loggingVariant String
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machineType String
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- maxRun StringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata Map<String,String>
- The metadata key/value pairs assigned to instances in
the cluster. From GKE 1.12 onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config (i.e. include `disable-legacy-endpoints` set to `true` in `metadata`).
- minCpu StringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- nodeGroup String
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauthScopes List<String>
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs, so that the nodes' effective access is limited by those roles rather than by the broad scope. See the official documentation for information on migrating off of legacy access scopes.
- preemptible Boolean
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservationAffinity ClusterNode Pool Node Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resourceLabels Map<String,String>
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resourceManagerTags Map<String,String>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`.
- sandboxConfig ClusterNode Pool Node Config Sandbox Config 
- Sandbox configuration for this node.
- secondaryBoot List<ClusterDisks Node Pool Node Config Secondary Boot Disk> 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. `gcfs_config` must be `enabled=true` for this feature to work. `min_master_version` must also be set to use GKE 1.28.3-gke.106700 or later versions.
- serviceAccount String
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shieldedInstance ClusterConfig Node Pool Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- soleTenant ClusterConfig Node Pool Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. `node_affinity` structure is documented below.
- spot Boolean
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storagePools List<String>
- The list of Storage Pools where boot disks are provisioned.
- tags List<String>
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints
List<ClusterNode Pool Node Config Taint> 
- A list of Kubernetes taints
to apply to nodes. GKE's API can only set this field on cluster creation.
However, GKE will add taints to your nodes if you enable certain features such
as GPUs. If this field is set, any diffs on this field will cause the provider to
recreate the underlying resource. Taint values can be updated safely in
Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, `lifecycle.ignore_changes` is recommended. Structure is documented below.
- workloadMetadata ClusterConfig Node Pool Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advancedMachine ClusterFeatures Node Pool Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- bootDisk stringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidentialNodes ClusterNode Pool Node Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerdConfig ClusterNode Pool Node Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- diskSize numberGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- diskType string
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effectiveTaints ClusterNode Pool Node Config Effective Taint[] 
- List of kubernetes taints applied to each node. Structure is documented above.
- enableConfidential booleanStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeralStorage ClusterConfig Node Pool Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeralStorage ClusterLocal Ssd Config Node Pool Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fastSocket ClusterNode Pool Node Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfsConfig ClusterNode Pool Node Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guestAccelerators ClusterNode Pool Node Config Guest Accelerator[] 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic
ClusterNode Pool Node Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. Requires GKE node version 1.15.11-gke.15 or later. Structure is documented below.
- hostMaintenance ClusterPolicy Node Pool Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run.
- imageType string
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubeletConfig ClusterNode Pool Node Config Kubelet Config 
- Kubelet configuration. The currently supported attributes can be found here.
Structure is documented below. Example: kubelet_config { cpu_manager_policy = "static" cpu_cfs_quota = true cpu_cfs_quota_period = "100us" pod_pids_limit = 1024 }
- labels {[key: string]: string}
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linuxNode ClusterConfig Node Pool Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- localNvme ClusterSsd Block Config Node Pool Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- localSsd numberCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- localSsdEncryptionMode string
- Possible Local SSD encryption modes. Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure, and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt in to using an ephemeral key for encrypting Local SSDs. Data on the Local SSDs cannot be recovered if the node crashes.
 
- loggingVariant string
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machineType string
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- maxRun stringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata {[key: string]: string}
- The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include the disable-legacy-endpoints key with the value "true" in the metadata you set in your config.
- minCpu stringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- nodeGroup string
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauthScopes string[]
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs. Because the cloud-platform scope does not itself restrict any API, the IAM roles on the node service account are what limit access. See the official documentation for information on migrating off of legacy access scopes.
- preemptible boolean
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservationAffinity ClusterNode Pool Node Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resourceLabels {[key: string]: string}
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resourceManagerTags {[key: string]: string}
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must conform to the specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
- sandboxConfig ClusterNode Pool Node Config Sandbox Config 
- Sandbox configuration for this node.
- secondaryBoot ClusterDisks Node Pool Node Config Secondary Boot Disk[] 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- serviceAccount string
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shieldedInstance ClusterConfig Node Pool Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- soleTenant ClusterConfig Node Pool Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. The node_affinity structure is documented below.
- spot boolean
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storagePools string[]
- The list of Storage Pools where boot disks are provisioned.
- tags string[]
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints
ClusterNode Pool Node Config Taint[] 
- A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
- workloadMetadata ClusterConfig Node Pool Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advanced_machine_ Clusterfeatures Node Pool Node Config Advanced Machine Features 
- Specifies options for controlling advanced machine features. Structure is documented below.
- boot_disk_ strkms_ key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidential_nodes ClusterNode Pool Node Config Confidential Nodes 
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerd_config ClusterNode Pool Node Config Containerd Config 
- Parameters to customize containerd runtime. Structure is documented below.
- disk_size_ intgb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- disk_type str
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effective_taints Sequence[ClusterNode Pool Node Config Effective Taint] 
- List of kubernetes taints applied to each node. Structure is documented above.
- enable_confidential_ boolstorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeral_storage_ Clusterconfig Node Pool Node Config Ephemeral Storage Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeral_storage_ Clusterlocal_ ssd_ config Node Pool Node Config Ephemeral Storage Local Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fast_socket ClusterNode Pool Node Config Fast Socket 
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfs_config ClusterNode Pool Node Config Gcfs Config 
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guest_accelerators Sequence[ClusterNode Pool Node Config Guest Accelerator] 
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic
ClusterNode Pool Node Config Gvnic 
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. Requires GKE node version 1.15.11-gke.15 or later. Structure is documented below.
- host_maintenance_ Clusterpolicy Node Pool Node Config Host Maintenance Policy 
- The maintenance policy for the hosts on which the GKE VMs run.
- image_type str
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubelet_config ClusterNode Pool Node Config Kubelet Config 
- Kubelet configuration. The currently supported attributes can be found here.
Structure is documented below. Example: kubelet_config { cpu_manager_policy = "static" cpu_cfs_quota = true cpu_cfs_quota_period = "100us" pod_pids_limit = 1024 }
- labels Mapping[str, str]
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linux_node_ Clusterconfig Node Pool Node Config Linux Node Config 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- local_nvme_ Clusterssd_ block_ config Node Pool Node Config Local Nvme Ssd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- local_ssd_ intcount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- local_ssd_encryption_mode str
- Possible Local SSD encryption modes. Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure, and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt in to using an ephemeral key for encrypting Local SSDs. Data on the Local SSDs cannot be recovered if the node crashes.
 
- logging_variant str
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machine_type str
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- max_run_ strduration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata Mapping[str, str]
- The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include the disable-legacy-endpoints key with the value "true" in the metadata you set in your config.
- min_cpu_ strplatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- node_group str
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauth_scopes Sequence[str]
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs. Because the cloud-platform scope does not itself restrict any API, the IAM roles on the node service account are what limit access. See the official documentation for information on migrating off of legacy access scopes.
- preemptible bool
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservation_affinity ClusterNode Pool Node Config Reservation Affinity 
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resource_labels Mapping[str, str]
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resource_manager_tags Mapping[str, str]
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must conform to the specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
- sandbox_config ClusterNode Pool Node Config Sandbox Config 
- Sandbox configuration for this node.
- secondary_boot_ Sequence[Clusterdisks Node Pool Node Config Secondary Boot Disk] 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- service_account str
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shielded_instance_ Clusterconfig Node Pool Node Config Shielded Instance Config 
- Shielded Instance options. Structure is documented below.
- sole_tenant_ Clusterconfig Node Pool Node Config Sole Tenant Config 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. The node_affinity structure is documented below.
- spot bool
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storage_pools Sequence[str]
- The list of Storage Pools where boot disks are provisioned.
- tags Sequence[str]
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints
Sequence[ClusterNode Pool Node Config Taint] 
- A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
- workload_metadata_ Clusterconfig Node Pool Node Config Workload Metadata Config 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
- advancedMachine Property MapFeatures 
- Specifies options for controlling advanced machine features. Structure is documented below.
- bootDisk StringKms Key 
- The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- confidentialNodes Property Map
- Configuration for Confidential Nodes feature. Structure is documented below.
- containerdConfig Property Map
- Parameters to customize containerd runtime. Structure is documented below.
- diskSize NumberGb 
- Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- diskType String
- Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
- effectiveTaints List<Property Map>
- List of kubernetes taints applied to each node. Structure is documented above.
- enableConfidential BooleanStorage 
- Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- ephemeralStorage Property MapConfig 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- ephemeralStorage Property MapLocal Ssd Config 
- Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.
- fastSocket Property Map
- Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later. Structure is documented below.
- gcfsConfig Property Map
- Parameters for the Google Container Filesystem (GCFS).
If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
- guestAccelerators List<Property Map>
- List of the type and count of accelerator cards attached to the instance. Structure documented below.
- gvnic Property Map
- Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. Requires GKE node version 1.15.11-gke.15 or later. Structure is documented below.
- hostMaintenance Property MapPolicy 
- The maintenance policy for the hosts on which the GKE VMs run.
- imageType String
- The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- kubeletConfig Property Map
- Kubelet configuration. The currently supported attributes can be found here.
Structure is documented below. Example: kubelet_config { cpu_manager_policy = "static" cpu_cfs_quota = true cpu_cfs_quota_period = "100us" pod_pids_limit = 1024 }
- labels Map<String>
- The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- linuxNode Property MapConfig 
- Parameters that can be configured on Linux nodes. Structure is documented below.
- localNvme Property MapSsd Block Config 
- Parameters for the local NVMe SSDs. Structure is documented below.
- localSsd NumberCount 
- The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- localSsdEncryptionMode String
- Possible Local SSD encryption modes. Accepted values are:
- STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure, and the keys will be deleted when the node is deleted.
- EPHEMERAL_KEY_ENCRYPTION: The given node will opt in to using an ephemeral key for encrypting Local SSDs. Data on the Local SSDs cannot be recovered if the node crashes.
 
- loggingVariant String
- Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
- machineType String
- The name of a Google Compute Engine machine type.
Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- maxRun StringDuration 
- The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- metadata Map<String>
- The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, include the disable-legacy-endpoints key with the value "true" in the metadata you set in your config.
- minCpu StringPlatform 
- Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- nodeGroup String
- Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- oauthScopes List<String>
- The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs. Because the cloud-platform scope does not itself restrict any API, the IAM roles on the node service account are what limit access. See the official documentation for information on migrating off of legacy access scopes.
- preemptible Boolean
- A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservationAffinity Property Map
- The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
- resourceLabels Map<String>
- The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- resourceManagerTags Map<String>
- A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must conform to the specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]): 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.
- sandboxConfig Property Map
- Sandbox configuration for this node.
- secondaryBoot List<Property Map>Disks 
- Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- serviceAccount String
- The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shieldedInstance Property MapConfig 
- Shielded Instance options. Structure is documented below.
- soleTenant Property MapConfig 
- Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. The node_affinity structure is documented below.
- spot Boolean
- A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- storagePools List<String>
- The list of Storage Pools where boot disks are provisioned.
- tags List<String>
- The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- taints List<Property Map>
- A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
- workloadMetadata Property MapConfig 
- Metadata configuration to expose to workloads on the node pool. Structure is documented below.
ClusterNodePoolNodeConfigAdvancedMachineFeatures, ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs                
- ThreadsPer intCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- EnableNested boolVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- ThreadsPer intCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- EnableNested boolVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threadsPer IntegerCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enableNested BooleanVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threadsPer numberCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enableNested booleanVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threads_per_ intcore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enable_nested_ boolvirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
- threadsPer NumberCore 
- The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
- enableNested BooleanVirtualization 
- Defines whether the instance should have nested virtualization enabled. Defaults to false.
ClusterNodePoolNodeConfigConfidentialNodes, ClusterNodePoolNodeConfigConfidentialNodesArgs              
- Enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- Enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled Boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled bool
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
- enabled Boolean
- Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
ClusterNodePoolNodeConfigContainerdConfig, ClusterNodePoolNodeConfigContainerdConfigArgs              
- PrivateRegistry ClusterAccess Config Node Pool Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- PrivateRegistry ClusterAccess Config Node Pool Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry ClusterAccess Config Node Pool Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry ClusterAccess Config Node Pool Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- private_registry_ Clusteraccess_ config Node Pool Node Config Containerd Config Private Registry Access Config 
- Configuration for private container registries. There are two fields in this config:
- privateRegistry Property MapAccess Config 
- Configuration for private container registries. There are two fields in this config:
ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfig, ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigArgs                      
- Enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
List<ClusterNode Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config> 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- Enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- 
[]ClusterNode Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config 
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled Boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- certificateAuthorityDomainConfigs List<ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig>
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- certificateAuthorityDomainConfigs ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig[]
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled bool
- Enables private registry config. If set to false, all other fields in this object must not be set.
- certificate_authority_domain_configs Sequence[ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig]
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
- enabled Boolean
- Enables private registry config. If set to false, all other fields in this object must not be set.
- certificateAuthorityDomainConfigs List<Property Map>
- List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See how to configure for private container registries for more detail. Example:
ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfig, ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigArgs                              
- Fqdns List<string>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- GcpSecret ClusterManager Certificate Config Node Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- Fqdns []string
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- GcpSecret ClusterManager Certificate Config Node Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns List<String>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret ClusterManager Certificate Config Node Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns string[]
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret ClusterManager Certificate Config Node Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns Sequence[str]
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcp_secret_ Clustermanager_ certificate_ config Node Pool Node Config Containerd Config Private Registry Access Config Certificate Authority Domain Config Gcp Secret Manager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
- fqdns List<String>
- List of fully-qualified-domain-names. IPv4s and port specification are supported.
- gcpSecret Property MapManager Certificate Config 
- Parameters for configuring a certificate hosted in GCP SecretManager.
ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfig, ClusterNodePoolNodeConfigContainerdConfigPrivateRegistryAccessConfigCertificateAuthorityDomainConfigGcpSecretManagerCertificateConfigArgs                                        
- SecretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- SecretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri String
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri string
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secret_uri str
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
- secretUri String
- URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.
ClusterNodePoolNodeConfigEffectiveTaint, ClusterNodePoolNodeConfigEffectiveTaintArgs              
ClusterNodePoolNodeConfigEphemeralStorageConfig, ClusterNodePoolNodeConfigEphemeralStorageConfigArgs                
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd IntegerCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd numberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- local_ssd_ intcount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd NumberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfig, ClusterNodePoolNodeConfigEphemeralStorageLocalSsdConfigArgs                    
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- LocalSsd intCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd IntegerCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd numberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- local_ssd_ intcount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
- localSsd NumberCount 
- Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.
ClusterNodePoolNodeConfigFastSocket, ClusterNodePoolNodeConfigFastSocketArgs              
- Enabled bool
- Whether or not the NCCL Fast Socket is enabled
- Enabled bool
- Whether or not the NCCL Fast Socket is enabled
- enabled Boolean
- Whether or not the NCCL Fast Socket is enabled
- enabled boolean
- Whether or not the NCCL Fast Socket is enabled
- enabled bool
- Whether or not the NCCL Fast Socket is enabled
- enabled Boolean
- Whether or not the NCCL Fast Socket is enabled
ClusterNodePoolNodeConfigGcfsConfig, ClusterNodePoolNodeConfigGcfsConfigArgs              
- Enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- Enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled Boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled bool
- Whether or not the Google Container Filesystem (GCFS) is enabled
- enabled Boolean
- Whether or not the Google Container Filesystem (GCFS) is enabled
ClusterNodePoolNodeConfigGuestAccelerator, ClusterNodePoolNodeConfigGuestAcceleratorArgs              
- Count int
- The number of the guest accelerator cards exposed to this instance.
- Type string
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- GpuDriver ClusterInstallation Config Node Pool Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- GpuPartition stringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- GpuSharing ClusterConfig Node Pool Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- Count int
- The number of the guest accelerator cards exposed to this instance.
- Type string
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- GpuDriver ClusterInstallation Config Node Pool Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- GpuPartition stringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- GpuSharing ClusterConfig Node Pool Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count Integer
- The number of the guest accelerator cards exposed to this instance.
- type String
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpuDriver ClusterInstallation Config Node Pool Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpuPartition StringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpuSharing ClusterConfig Node Pool Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count number
- The number of the guest accelerator cards exposed to this instance.
- type string
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpuDriver ClusterInstallation Config Node Pool Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpuPartition stringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpuSharing ClusterConfig Node Pool Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count int
- The number of the guest accelerator cards exposed to this instance.
- type str
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpu_driver_ Clusterinstallation_ config Node Pool Node Config Guest Accelerator Gpu Driver Installation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpu_partition_ strsize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpu_sharing_ Clusterconfig Node Pool Node Config Guest Accelerator Gpu Sharing Config 
- Configuration for GPU sharing. Structure is documented below.
- count Number
- The number of the guest accelerator cards exposed to this instance.
- type String
- The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- gpuDriver Property MapInstallation Config 
- Configuration for auto installation of GPU driver. Structure is documented below.
- gpuPartition StringSize 
- Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpuSharing Property MapConfig 
- Configuration for GPU sharing. Structure is documented below.
ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfig, ClusterNodePoolNodeConfigGuestAcceleratorGpuDriverInstallationConfigArgs                      
- GpuDriverVersion string
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- GpuDriverVersion string
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpuDriverVersion String
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpuDriverVersion string
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpu_driver_version str
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
- gpuDriverVersion String
- Mode for how the GPU driver is installed. Accepted values are:
- "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to not install any GPU driver.
- "INSTALLATION_DISABLED": Disable GPU driver auto installation; the driver must be installed manually.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
 
ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfig, ClusterNodePoolNodeConfigGuestAcceleratorGpuSharingConfigArgs                    
- GpuSharingStrategy string
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
- MaxSharedClientsPerGpu int
- The maximum number of containers that can share a GPU.
- GpuSharingStrategy string
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
- MaxSharedClientsPerGpu int
- The maximum number of containers that can share a GPU.
- gpuSharingStrategy String
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
- maxSharedClientsPerGpu Integer
- The maximum number of containers that can share a GPU.
- gpuSharingStrategy string
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
- maxSharedClientsPerGpu number
- The maximum number of containers that can share a GPU.
- gpu_sharing_strategy str
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
- max_shared_clients_per_gpu int
- The maximum number of containers that can share a GPU.
- gpuSharingStrategy String
- The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS.
- maxSharedClientsPerGpu Number
- The maximum number of containers that can share a GPU.
ClusterNodePoolNodeConfigGvnic, ClusterNodePoolNodeConfigGvnicArgs            
- Enabled bool
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- Enabled bool
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled Boolean
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled boolean
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled bool
- Whether or not the Google Virtual NIC (gVNIC) is enabled
- enabled Boolean
- Whether or not the Google Virtual NIC (gVNIC) is enabled
ClusterNodePoolNodeConfigHostMaintenancePolicy, ClusterNodePoolNodeConfigHostMaintenancePolicyArgs                
- MaintenanceInterval string
- .
- MaintenanceInterval string
- .
- maintenanceInterval String
- .
- maintenanceInterval string
- .
- maintenance_interval str
- .
- maintenanceInterval String
- .
ClusterNodePoolNodeConfigKubeletConfig, ClusterNodePoolNodeConfigKubeletConfigArgs              
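- AllowedUnsafeSysctls List<string>
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes leaves unsafe sysctls disabled by default because they can affect other Pods on the node or the node itself, so allow only the ones a workload needs.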
- ContainerLog intMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- ContainerLogMaxSize string
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- CpuCfs boolQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- CpuCfs stringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- CpuManagerPolicy string
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- ImageGc intHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- ImageGc intLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- ImageMaximum stringGc Age 
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m", and"2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- ImageMinimum stringGc Age 
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m". The value cannot be greater than "2m".
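- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves node and pod information without authentication or authorization. Possible values: TRUE, FALSE.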
- PodPids intLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
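- AllowedUnsafeSysctls []string
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes leaves unsafe sysctls disabled by default because they can affect other Pods on the node or the node itself, so allow only the ones a workload needs.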
- ContainerLog intMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- ContainerLogMaxSize string
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- CpuCfs boolQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- CpuCfs stringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- CpuManagerPolicy string
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- ImageGc intHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- ImageGc intLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- ImageMaximum stringGc Age 
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m", and"2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- ImageMinimum stringGc Age 
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m". The value cannot be greater than "2m".
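- InsecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves node and pod information without authentication or authorization. Possible values: TRUE, FALSE.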
- PodPids intLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
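- allowedUnsafeSysctls List<String>
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes leaves unsafe sysctls disabled by default because they can affect other Pods on the node or the node itself, so allow only the ones a workload needs.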
- containerLog IntegerMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- containerLogMaxSize String
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpuCfs BooleanQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpuCfs StringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpuManagerPolicy String
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- imageGc IntegerHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- imageGc IntegerLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- imageMaximum StringGc Age 
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m", and"2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- imageMinimum StringGc Age 
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m". The value cannot be greater than "2m".
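- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves node and pod information without authentication or authorization. Possible values: TRUE, FALSE.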
- podPids IntegerLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
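- allowedUnsafeSysctls string[]
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes leaves unsafe sysctls disabled by default because they can affect other Pods on the node or the node itself, so allow only the ones a workload needs.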
- containerLog numberMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- containerLogMaxSize string
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpuCfs booleanQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpuCfs stringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpuManagerPolicy string
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- imageGc numberHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- imageGc numberLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- imageMaximum stringGc Age 
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m", and"2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- imageMinimum stringGc Age 
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m". The value cannot be greater than "2m".
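- insecureKubeletReadonlyPortEnabled string
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port (10255) serves node and pod information without authentication or authorization. Possible values: TRUE, FALSE.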
- podPids numberLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
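- allowed_unsafe_sysctls Sequence[str]
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes leaves unsafe sysctls disabled by default because they can affect other Pods on the node or the node itself, so allow only the ones a workload needs.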
- container_log_ intmax_ files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- container_log_max_size str
- Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. The total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpu_cfs_ boolquota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpu_cfs_ strquota_ period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpu_manager_policy str
- The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to version 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- image_gc_ inthigh_ threshold_ percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- image_gc_ intlow_ threshold_ percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- image_maximum_ strgc_ age 
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m", and"2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- image_minimum_ strgc_ age 
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m". The value cannot be greater than "2m".
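- insecure_kubelet_readonly_port_enabled str
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port serves node and pod information without authentication or authorization. Possible values: TRUE, FALSE.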
- pod_pids_ intlimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
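- allowedUnsafeSysctls List<String>
- Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. Kubernetes disables unsafe sysctls by default because they can affect other pods or the node itself, so keep this allowlist as narrow as the workload permits.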
- containerLog NumberMax Files 
- Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- containerLog StringMax Size 
- Defines the maximum size of the
container log file before it is rotated. Specified as a positive number and a
unit suffix, such as "100Ki","10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between"10Mi"and"500Mi", inclusive. And the total container log size (container_log_max_size*container_log_max_files) cannot exceed 1% of the total storage of the node.
- cpuCfs BooleanQuota 
- If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpuCfs StringQuota Period 
- The CPU CFS quota period value. Specified
as a sequence of decimal numbers, each with optional fraction and a unit suffix,
such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- cpuManager StringPolicy 
- The CPU management policy on the node. See
K8S CPU Management Policies.
One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to 6.4.0, this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- imageGc NumberHigh Threshold Percent 
- Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- imageGc NumberLow Threshold Percent 
- Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- imageMaximum StringGc Age 
- Defines the maximum age an image can be unused before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m", and"2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- imageMinimum StringGc Age 
- Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s","1.5m". The value cannot be greater than "2m".
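- insecureKubeletReadonlyPortEnabled String
- Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE, because the read-only port serves node and pod information without authentication or authorization. Possible values: TRUE, FALSE.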
- podPids NumberLimit 
- Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
ClusterNodePoolNodeConfigLinuxNodeConfig, ClusterNodePoolNodeConfigLinuxNodeConfigArgs                
- CgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- HugepagesConfig ClusterNode Pool Node Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- Sysctls Dictionary<string, string>
- The Linux kernel parameters to be applied to the nodes
and all pods running on the nodes. Specified as a map from the key, such as
net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional.
- CgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- HugepagesConfig ClusterNode Pool Node Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- Sysctls map[string]string
- The Linux kernel parameters to be applied to the nodes
and all pods running on the nodes. Specified as a map from the key, such as
net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional.
- cgroupMode String
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepagesConfig ClusterNode Pool Node Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls Map<String,String>
- The Linux kernel parameters to be applied to the nodes
and all pods running on the nodes. Specified as a map from the key, such as
net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional.
- cgroupMode string
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepagesConfig ClusterNode Pool Node Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls {[key: string]: string}
- The Linux kernel parameters to be applied to the nodes
and all pods running on the nodes. Specified as a map from the key, such as
net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional.
- cgroup_mode str
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepages_config ClusterNode Pool Node Config Linux Node Config Hugepages Config 
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls Mapping[str, str]
- The Linux kernel parameters to be applied to the nodes
and all pods running on the nodes. Specified as a map from the key, such as
net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional.
- cgroupMode String
- Possible cgroup modes that can be used.
Accepted values are:- CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
 
- hugepagesConfig Property Map
- Amounts for 2M and 1G hugepages. Structure is documented below.
- sysctls Map<String>
- The Linux kernel parameters to be applied to the nodes
and all pods running on the nodes. Specified as a map from the key, such as
net.core.wmem_max, to a string value. Currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional.
ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfig, ClusterNodePoolNodeConfigLinuxNodeConfigHugepagesConfigArgs                    
- HugepageSize1g int
- Amount of 1G hugepages.
- HugepageSize2m int
- Amount of 2M hugepages.
- HugepageSize1g int
- Amount of 1G hugepages.
- HugepageSize2m int
- Amount of 2M hugepages.
- hugepageSize1g Integer
- Amount of 1G hugepages.
- hugepageSize2m Integer
- Amount of 2M hugepages.
- hugepageSize1g number
- Amount of 1G hugepages.
- hugepageSize2m number
- Amount of 2M hugepages.
- hugepage_size1g int
- Amount of 1G hugepages.
- hugepage_size2m int
- Amount of 2M hugepages.
- hugepageSize1g Number
- Amount of 1G hugepages.
- hugepageSize2m Number
- Amount of 2M hugepages.
ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfig, ClusterNodePoolNodeConfigLocalNvmeSsdBlockConfigArgs                    
- LocalSsd intCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- LocalSsd intCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- localSsd IntegerCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- localSsd numberCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- local_ssd_ intcount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
- localSsd NumberCount 
- Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. - Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. 
ClusterNodePoolNodeConfigReservationAffinity, ClusterNodePoolNodeConfigReservationAffinityArgs              
- ConsumeReservation stringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- Key string
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- Values List<string>
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- ConsumeReservation stringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- Key string
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- Values []string
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consumeReservation StringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key String
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values List<String>
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consumeReservation stringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key string
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values string[]
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consume_reservation_ strtype 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key str
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values Sequence[str]
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- consumeReservation StringType 
- The type of reservation consumption
Accepted values are:- "UNSPECIFIED": Default value. This should not be used.
- "NO_RESERVATION": Do not consume from any reserved capacity.
- "ANY_RESERVATION": Consume any reservation available.
- "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
 
- key String
- The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values List<String>
- The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
ClusterNodePoolNodeConfigSandboxConfig, ClusterNodePoolNodeConfigSandboxConfigArgs              
- SandboxType string
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- SandboxType string
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandboxType String
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandboxType string
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandbox_type str
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
- sandboxType String
- Which sandbox to use for pods in the node pool.
Accepted values are:- "gvisor": Pods run within a gVisor sandbox.
 
ClusterNodePoolNodeConfigSecondaryBootDisk, ClusterNodePoolNodeConfigSecondaryBootDiskArgs                
- DiskImage string
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- Mode string
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- DiskImage string
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- Mode string
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- diskImage String
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode String
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- diskImage string
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode string
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- disk_image str
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode str
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
- diskImage String
- Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.
- mode String
- Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.
ClusterNodePoolNodeConfigShieldedInstanceConfig, ClusterNodePoolNodeConfigShieldedInstanceConfigArgs                
- EnableIntegrityMonitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- EnableSecureBoot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly to take effect.
- EnableIntegrityMonitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- EnableSecureBoot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly to take effect.
- enableIntegrityMonitoring Boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enableSecureBoot Boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly to take effect.
- enableIntegrityMonitoring boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enableSecureBoot boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly to take effect.
- enable_integrity_monitoring bool
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enable_secure_boot bool
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly to take effect.
- enableIntegrityMonitoring Boolean
- Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.
- enableSecureBoot Boolean
- Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false, so it must be set explicitly to take effect.
ClusterNodePoolNodeConfigSoleTenantConfig, ClusterNodePoolNodeConfigSoleTenantConfigArgs                
ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinity, ClusterNodePoolNodeConfigSoleTenantConfigNodeAffinityArgs                    
ClusterNodePoolNodeConfigTaint, ClusterNodePoolNodeConfigTaintArgs            
ClusterNodePoolNodeConfigWorkloadMetadataConfig, ClusterNodePoolNodeConfigWorkloadMetadataConfigArgs                
- Mode string
- How to expose the node metadata to the workload running on the node.
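Accepted values are:
- UNSPECIFIED: Not Set
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node service account's credentials, so every pod on the node can use that account's permissions.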
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- Mode string
- How to expose the node metadata to the workload running on the node.
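Accepted values are:
- UNSPECIFIED: Not Set
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node service account's credentials, so every pod on the node can use that account's permissions.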
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode String
- How to expose the node metadata to the workload running on the node.
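Accepted values are:
- UNSPECIFIED: Not Set
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node service account's credentials, so every pod on the node can use that account's permissions.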
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode string
- How to expose the node metadata to the workload running on the node.
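Accepted values are:
- UNSPECIFIED: Not Set
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node service account's credentials, so every pod on the node can use that account's permissions.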
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode str
- How to expose the node metadata to the workload running on the node.
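Accepted values are:
- UNSPECIFIED: Not Set
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node service account's credentials, so every pod on the node can use that account's permissions.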
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
- mode String
- How to expose the node metadata to the workload running on the node.
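Accepted values are:
- UNSPECIFIED: Not Set
- GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node service account's credentials, so every pod on the node can use that account's permissions.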
- GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
 
ClusterNodePoolPlacementPolicy, ClusterNodePoolPlacementPolicyArgs          
- Type string
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY);SYSTEM_ONLY(Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- PolicyName string
- If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- TpuTopology string
- TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
- Type string
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY);SYSTEM_ONLY(Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- PolicyName string
- If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- TpuTopology string
- TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
- type String
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY);SYSTEM_ONLY(Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- policyName String
- If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpuTopology String
- TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
- type string
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY);SYSTEM_ONLY(Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- policyName string
- If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpuTopology string
- TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
- type str
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY);SYSTEM_ONLY(Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- policy_name str
- If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpu_topology str
- TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
- type String
- Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY);SYSTEM_ONLY(Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- policyName String
- If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpuTopology String
- TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies
ClusterNodePoolQueuedProvisioning, ClusterNodePoolQueuedProvisioningArgs          
- Enabled bool
- Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
- Enabled bool
- Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
- enabled Boolean
- Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
- enabled boolean
- Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
- enabled bool
- Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
- enabled Boolean
- Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API
ClusterNodePoolUpgradeSettings, ClusterNodePoolUpgradeSettingsArgs          
- BlueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- MaxSurge int
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- MaxUnavailable int
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- Strategy string
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- BlueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- MaxSurge int
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- MaxUnavailable int
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- Strategy string
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge Integer
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable Integer
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy String
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreenSettings ClusterNodePoolUpgradeSettingsBlueGreenSettings
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge number
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable number
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy string
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blue_green_settings ClusterNodePoolUpgradeSettingsBlueGreenSettings
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- max_surge int
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- max_unavailable int
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy str
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreenSettings Property Map
- Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge Number
- The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable Number
- The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy String
- Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
ClusterNodePoolUpgradeSettingsBlueGreenSettings, ClusterNodePoolUpgradeSettingsBlueGreenSettingsArgs                
- StandardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- NodePoolSoakDuration string
- Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- StandardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- NodePoolSoakDuration string
- Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePoolSoakDuration String
- Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRolloutPolicy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePoolSoakDuration string
- Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standard_rollout_policy ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- node_pool_soak_duration str
- Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRolloutPolicy Property Map
- Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePoolSoakDuration String
- Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy, ClusterNodePoolUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs                      
- BatchNodeCount int
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- BatchPercentage double
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- BatchSoakDuration string
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- BatchNodeCount int
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- BatchPercentage float64
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- BatchSoakDuration string
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount Integer
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batchPercentage Double
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batchSoakDuration String
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount number
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batchPercentage number
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batchSoakDuration string
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batch_node_count int
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batch_percentage float
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batch_soak_duration str
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount Number
- Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
- batchPercentage Number
- Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
- batchSoakDuration String
- Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
ClusterNotificationConfig, ClusterNotificationConfigArgs      
- Pubsub ClusterNotificationConfigPubsub
- The pubsub config for the cluster's upgrade notifications.
- Pubsub ClusterNotificationConfigPubsub
- The pubsub config for the cluster's upgrade notifications.
- pubsub ClusterNotificationConfigPubsub
- The pubsub config for the cluster's upgrade notifications.
- pubsub ClusterNotificationConfigPubsub
- The pubsub config for the cluster's upgrade notifications.
- pubsub ClusterNotificationConfigPubsub
- The pubsub config for the cluster's upgrade notifications.
- pubsub Property Map
- The pubsub config for the cluster's upgrade notifications.
ClusterNotificationConfigPubsub, ClusterNotificationConfigPubsubArgs        
- Enabled bool
- Whether or not the notification config is enabled
- Filter ClusterNotificationConfigPubsubFilter
- Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
- Topic string
- The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
- Enabled bool
- Whether or not the notification config is enabled
- Filter ClusterNotificationConfigPubsubFilter
- Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
- Topic string
- The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
- enabled Boolean
- Whether or not the notification config is enabled
- filter ClusterNotificationConfigPubsubFilter
- Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
- topic String
- The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
- enabled boolean
- Whether or not the notification config is enabled
- filter ClusterNotificationConfigPubsubFilter
- Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
- topic string
- The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
- enabled bool
- Whether or not the notification config is enabled
- filter ClusterNotificationConfigPubsubFilter
- Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
- topic str
- The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
- enabled Boolean
- Whether or not the notification config is enabled
- filter Property Map
- Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
- topic String
- The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.
ClusterNotificationConfigPubsubFilter, ClusterNotificationConfigPubsubFilterArgs          
- EventTypes List<string>
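- Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, SECURITY_BULLETIN_EVENT and UPGRADE_INFO_EVENT. A filter list that omits SECURITY_BULLETIN_EVENT means security bulletin notifications are not delivered to the topic. See Filtering notifications for more details.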
- EventTypes []string
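- Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, SECURITY_BULLETIN_EVENT and UPGRADE_INFO_EVENT. A filter list that omits SECURITY_BULLETIN_EVENT means security bulletin notifications are not delivered to the topic. See Filtering notifications for more details.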
- eventTypes List<String>
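- Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, SECURITY_BULLETIN_EVENT and UPGRADE_INFO_EVENT. A filter list that omits SECURITY_BULLETIN_EVENT means security bulletin notifications are not delivered to the topic. See Filtering notifications for more details.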
- eventTypes string[]
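- Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, SECURITY_BULLETIN_EVENT and UPGRADE_INFO_EVENT. A filter list that omits SECURITY_BULLETIN_EVENT means security bulletin notifications are not delivered to the topic. See Filtering notifications for more details.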
- event_types Sequence[str]
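- Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, SECURITY_BULLETIN_EVENT and UPGRADE_INFO_EVENT. A filter list that omits SECURITY_BULLETIN_EVENT means security bulletin notifications are not delivered to the topic. See Filtering notifications for more details.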
- eventTypes List<String>
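- Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, SECURITY_BULLETIN_EVENT and UPGRADE_INFO_EVENT. A filter list that omits SECURITY_BULLETIN_EVENT means security bulletin notifications are not delivered to the topic. See Filtering notifications for more details.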
ClusterPodSecurityPolicyConfig, ClusterPodSecurityPolicyConfigArgs          
- Enabled bool
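- Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so this setting is only meaningful on older cluster versions.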
- Enabled bool
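- Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so this setting is only meaningful on older cluster versions.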
- enabled Boolean
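- Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so this setting is only meaningful on older cluster versions.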
- enabled boolean
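- Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so this setting is only meaningful on older cluster versions.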
- enabled bool
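- Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so this setting is only meaningful on older cluster versions.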
- enabled Boolean
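- Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so this setting is only meaningful on older cluster versions.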
ClusterPrivateClusterConfig, ClusterPrivateClusterConfigArgs        
- EnablePrivateEndpoint bool
- When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used, so the public endpoint stays reachable unless it is restricted separately (for example with master authorized networks). This field only applies to private clusters, when enable_private_nodes is true.
- EnablePrivateNodes bool
- Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
- MasterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
- Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
- MasterIpv4CidrBlock string
- The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
- PeeringName string
- The name of the peering between this cluster and the Google owned VPC.
- PrivateEndpoint string
- The internal IP address of this cluster's master endpoint.
- PrivateEndpointSubnetwork string
- Subnetwork in cluster's network where master's endpoint will be provisioned.
- PublicEndpoint string
- The external IP address of this cluster's master endpoint. Warning: the Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.
- EnablePrivateEndpoint bool
- When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used, so the public endpoint stays reachable unless it is restricted separately (for example with master authorized networks). This field only applies to private clusters, when enable_private_nodes is true.
- EnablePrivateNodes bool
- Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
- MasterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
- Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
- MasterIpv4CidrBlock string
- The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
- PeeringName string
- The name of the peering between this cluster and the Google owned VPC.
- PrivateEndpoint string
- The internal IP address of this cluster's master endpoint.
- PrivateEndpointSubnetwork string
- Subnetwork in cluster's network where master's endpoint will be provisioned.
- PublicEndpoint string
- The external IP address of this cluster's master endpoint. Warning: the Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.
- enablePrivateEndpoint Boolean
- When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used, so the public endpoint stays reachable unless it is restricted separately (for example with master authorized networks). This field only applies to private clusters, when enable_private_nodes is true.
- enablePrivateNodes Boolean
- Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
- masterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
- Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
- masterIpv4CidrBlock String
- The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
- peeringName String
- The name of the peering between this cluster and the Google owned VPC.
- privateEndpoint String
- The internal IP address of this cluster's master endpoint.
- privateEndpointSubnetwork String
- Subnetwork in cluster's network where master's endpoint will be provisioned.
- publicEndpoint String
- The external IP address of this cluster's master endpoint. Warning: the Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.
- enablePrivateEndpoint boolean
- When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used, so the public endpoint stays reachable unless it is restricted separately (for example with master authorized networks). This field only applies to private clusters, when enable_private_nodes is true.
- enablePrivateNodes boolean
- Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
- masterGlobalAccessConfig ClusterPrivateClusterConfigMasterGlobalAccessConfig
- Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
- masterIpv4CidrBlock string
- The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
- peeringName string
- The name of the peering between this cluster and the Google owned VPC.
- privateEndpoint string
- The internal IP address of this cluster's master endpoint.
- privateEndpointSubnetwork string
- Subnetwork in cluster's network where master's endpoint will be provisioned.
- publicEndpoint string
- The external IP address of this cluster's master endpoint. Warning: the Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.
- enable_private_endpoint bool
- When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used, so the public endpoint stays reachable unless it is restricted separately (for example with master authorized networks). This field only applies to private clusters, when enable_private_nodes is true.
- enable_private_nodes bool
- Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
- master_global_access_config ClusterPrivateClusterConfigMasterGlobalAccessConfig
- Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
- master_ipv4_cidr_block str
- The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
- peering_name str
- The name of the peering between this cluster and the Google owned VPC.
- private_endpoint str
- The internal IP address of this cluster's master endpoint.
- private_endpoint_subnetwork str
- Subnetwork in cluster's network where master's endpoint will be provisioned.
- public_endpoint str
- The external IP address of this cluster's master endpoint. Warning: the Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.
- enablePrivateEndpoint Boolean
- When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used, so the public endpoint stays reachable unless it is restricted separately (for example with master authorized networks). This field only applies to private clusters, when enable_private_nodes is true.
- enablePrivateNodes Boolean
- Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
- masterGlobalAccessConfig Property Map
- Controls cluster master global access settings. If unset, the provider will no longer manage this field and will not modify the previously-set value. Structure is documented below.
- masterIpv4CidrBlock String
- The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
- peeringName String
- The name of the peering between this cluster and the Google owned VPC.
- privateEndpoint String
- The internal IP address of this cluster's master endpoint.
- privateEndpointSubnetwork String
- Subnetwork in cluster's network where master's endpoint will be provisioned.
- publicEndpoint String
- The external IP address of this cluster's master endpoint. Warning: the Google provider is unable to validate certain configurations of private_cluster_config when enable_private_nodes is false. It's recommended that you omit the block entirely if the field is not set to true.
ClusterPrivateClusterConfigMasterGlobalAccessConfig, ClusterPrivateClusterConfigMasterGlobalAccessConfigArgs                
- Enabled bool
- Whether the cluster master is accessible globally or not.
- Enabled bool
- Whether the cluster master is accessible globally or not.
- enabled Boolean
- Whether the cluster master is accessible globally or not.
- enabled boolean
- Whether the cluster master is accessible globally or not.
- enabled bool
- Whether the cluster master is accessible globally or not.
- enabled Boolean
- Whether the cluster master is accessible globally or not.
ClusterProtectConfig, ClusterProtectConfigArgs      
- WorkloadConfig ClusterProtectConfigWorkloadConfig
- WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below.
- WorkloadVulnerabilityMode string
- Sets which mode to use for the Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
- WorkloadConfig ClusterProtectConfigWorkloadConfig
- WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below.
- WorkloadVulnerabilityMode string
- Sets which mode to use for the Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
- workloadConfig ClusterProtectConfigWorkloadConfig
- WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below.
- workloadVulnerabilityMode String
- Sets which mode to use for the Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
- workloadConfig ClusterProtectConfigWorkloadConfig
- WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below.
- workloadVulnerabilityMode string
- Sets which mode to use for the Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
- workload_config ClusterProtectConfigWorkloadConfig
- WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below.
- workload_vulnerability_mode str
- Sets which mode to use for the Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
- workloadConfig Property Map
- WorkloadConfig defines which actions are enabled for a cluster's workload configurations. Structure is documented below.
- workloadVulnerabilityMode String
- Sets which mode to use for the Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.
ClusterProtectConfigWorkloadConfig, ClusterProtectConfigWorkloadConfigArgs          
- AuditMode string
- Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
- AuditMode string
- Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
- auditMode String
- Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
- auditMode string
- Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
- audit_mode str
- Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
- auditMode String
- Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.
ClusterReleaseChannel, ClusterReleaseChannelArgs      
- Channel string
- The selected release channel.
Accepted values are:
- UNSPECIFIED: Not set.
- RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
- REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
- STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
- EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
 
- Channel string
- The selected release channel.
Accepted values are:
- UNSPECIFIED: Not set.
- RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
- REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
- STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
- EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
 
- channel String
- The selected release channel.
Accepted values are:
- UNSPECIFIED: Not set.
- RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
- REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
- STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
- EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
 
- channel string
- The selected release channel.
Accepted values are:
- UNSPECIFIED: Not set.
- RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
- REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
- STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
- EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
 
- channel str
- The selected release channel.
Accepted values are:
- UNSPECIFIED: Not set.
- RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
- REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
- STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
- EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
 
- channel String
- The selected release channel.
Accepted values are:
- UNSPECIFIED: Not set.
- RAPID: Weekly upgrade cadence; Early testers and developers who require new features.
- REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.
- STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.
- EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.
 
ClusterResourceUsageExportConfig, ClusterResourceUsageExportConfigArgs          
- BigqueryDestination ClusterResource Usage Export Config Bigquery Destination 
- Parameters for using BigQuery as the destination of resource usage export.- bigquery_destination.dataset_id(Required) - The ID of a BigQuery Dataset. For Example:
 
- EnableNetwork boolEgress Metering 
- Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
- EnableResource boolConsumption Metering 
- Whether to enable resource
consumption metering on this cluster. When enabled, a table will be created in
the resource export BigQuery dataset to store resource consumption data. The
resulting table can be joined with the resource usage table or with BigQuery
billing export. Defaults to true.
- BigqueryDestination ClusterResource Usage Export Config Bigquery Destination 
- Parameters for using BigQuery as the destination of resource usage export.- bigquery_destination.dataset_id(Required) - The ID of a BigQuery Dataset. For Example:
 
- EnableNetwork boolEgress Metering 
- Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
- EnableResource boolConsumption Metering 
- Whether to enable resource
consumption metering on this cluster. When enabled, a table will be created in
the resource export BigQuery dataset to store resource consumption data. The
resulting table can be joined with the resource usage table or with BigQuery
billing export. Defaults to true.
- bigqueryDestination ClusterResource Usage Export Config Bigquery Destination 
- Parameters for using BigQuery as the destination of resource usage export.- bigquery_destination.dataset_id(Required) - The ID of a BigQuery Dataset. For Example:
 
- enableNetwork BooleanEgress Metering 
- Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
- enableResource BooleanConsumption Metering 
- Whether to enable resource
consumption metering on this cluster. When enabled, a table will be created in
the resource export BigQuery dataset to store resource consumption data. The
resulting table can be joined with the resource usage table or with BigQuery
billing export. Defaults to true.
- bigqueryDestination ClusterResource Usage Export Config Bigquery Destination 
- Parameters for using BigQuery as the destination of resource usage export.- bigquery_destination.dataset_id(Required) - The ID of a BigQuery Dataset. For Example:
 
- enableNetwork booleanEgress Metering 
- Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
- enableResource booleanConsumption Metering 
- Whether to enable resource
consumption metering on this cluster. When enabled, a table will be created in
the resource export BigQuery dataset to store resource consumption data. The
resulting table can be joined with the resource usage table or with BigQuery
billing export. Defaults to true.
- bigquery_destination ClusterResource Usage Export Config Bigquery Destination 
- Parameters for using BigQuery as the destination of resource usage export.- bigquery_destination.dataset_id(Required) - The ID of a BigQuery Dataset. For Example:
 
- enable_network_ boolegress_ metering 
- Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
- enable_resource_ boolconsumption_ metering 
- Whether to enable resource
consumption metering on this cluster. When enabled, a table will be created in
the resource export BigQuery dataset to store resource consumption data. The
resulting table can be joined with the resource usage table or with BigQuery
billing export. Defaults to true.
- bigqueryDestination Property Map
- Parameters for using BigQuery as the destination of resource usage export.- bigquery_destination.dataset_id(Required) - The ID of a BigQuery Dataset. For Example:
 
- enableNetwork BooleanEgress Metering 
- Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
- enableResource BooleanConsumption Metering 
- Whether to enable resource
consumption metering on this cluster. When enabled, a table will be created in
the resource export BigQuery dataset to store resource consumption data. The
resulting table can be joined with the resource usage table or with BigQuery
billing export. Defaults to true.
ClusterResourceUsageExportConfigBigqueryDestination, ClusterResourceUsageExportConfigBigqueryDestinationArgs              
- DatasetId string
- The ID of a BigQuery Dataset.
- DatasetId string
- The ID of a BigQuery Dataset.
- datasetId String
- The ID of a BigQuery Dataset.
- datasetId string
- The ID of a BigQuery Dataset.
- dataset_id str
- The ID of a BigQuery Dataset.
- datasetId String
- The ID of a BigQuery Dataset.
ClusterSecretManagerConfig, ClusterSecretManagerConfigArgs        
- Enabled bool
- Enable the Secret Manager add-on for this cluster.
- Enabled bool
- Enable the Secret Manager add-on for this cluster.
- enabled Boolean
- Enable the Secret Manager add-on for this cluster.
- enabled boolean
- Enable the Secret Manager add-on for this cluster.
- enabled bool
- Enable the Secret Manager add-on for this cluster.
- enabled Boolean
- Enable the Secret Manager add-on for this cluster.
ClusterSecurityPostureConfig, ClusterSecurityPostureConfigArgs        
- Mode string
- Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
- VulnerabilityMode string
- Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
- Mode string
- Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
- VulnerabilityMode string
- Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
- mode String
- Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
- vulnerabilityMode String
- Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
- mode string
- Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
- vulnerabilityMode string
- Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
- mode str
- Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
- vulnerability_mode str
- Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
- mode String
- Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.
- vulnerabilityMode String
- Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.
ClusterServiceExternalIpsConfig, ClusterServiceExternalIpsConfigArgs          
- Enabled bool
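- Controls whether external IPs specified by a service will be allowed. It is enabled by default. Because a Service that sets externalIPs can receive traffic for addresses it does not own, disable this unless workloads depend on it.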
- Enabled bool
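- Controls whether external IPs specified by a service will be allowed. It is enabled by default. Because a Service that sets externalIPs can receive traffic for addresses it does not own, disable this unless workloads depend on it.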
- enabled Boolean
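- Controls whether external IPs specified by a service will be allowed. It is enabled by default. Because a Service that sets externalIPs can receive traffic for addresses it does not own, disable this unless workloads depend on it.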
- enabled boolean
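- Controls whether external IPs specified by a service will be allowed. It is enabled by default. Because a Service that sets externalIPs can receive traffic for addresses it does not own, disable this unless workloads depend on it.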
- enabled bool
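- Controls whether external IPs specified by a service will be allowed. It is enabled by default. Because a Service that sets externalIPs can receive traffic for addresses it does not own, disable this unless workloads depend on it.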
- enabled Boolean
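- Controls whether external IPs specified by a service will be allowed. It is enabled by default. Because a Service that sets externalIPs can receive traffic for addresses it does not own, disable this unless workloads depend on it.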
ClusterTpuConfig, ClusterTpuConfigArgs      
- Enabled bool
- Whether Cloud TPU integration is enabled or not
- Ipv4CidrBlock string
- IPv4 CIDR block reserved for Cloud TPU in the VPC.
- UseServiceNetworking bool
- Whether to use service networking for Cloud TPU or not
- Enabled bool
- Whether Cloud TPU integration is enabled or not
- Ipv4CidrBlock string
- IPv4 CIDR block reserved for Cloud TPU in the VPC.
- UseServiceNetworking bool
- Whether to use service networking for Cloud TPU or not
- enabled Boolean
- Whether Cloud TPU integration is enabled or not
- ipv4CidrBlock String
- IPv4 CIDR block reserved for Cloud TPU in the VPC.
- useServiceNetworking Boolean
- Whether to use service networking for Cloud TPU or not
- enabled boolean
- Whether Cloud TPU integration is enabled or not
- ipv4CidrBlock string
- IPv4 CIDR block reserved for Cloud TPU in the VPC.
- useServiceNetworking boolean
- Whether to use service networking for Cloud TPU or not
- enabled bool
- Whether Cloud TPU integration is enabled or not
- ipv4_cidr_block str
- IPv4 CIDR block reserved for Cloud TPU in the VPC.
- use_service_networking bool
- Whether to use service networking for Cloud TPU or not
- enabled Boolean
- Whether Cloud TPU integration is enabled or not
- ipv4CidrBlock String
- IPv4 CIDR block reserved for Cloud TPU in the VPC.
- useServiceNetworking Boolean
- Whether to use service networking for Cloud TPU or not
ClusterUserManagedKeysConfig, ClusterUserManagedKeysConfigArgs          
- AggregationCa string
- The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
- ClusterCa string
- The Certificate Authority Service caPool to use for the cluster CA in this cluster.
- ControlPlaneDiskEncryptionKey string
- The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
- EtcdApiCa string
- The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
- EtcdPeerCa string
- The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
- GkeopsEtcdBackupEncryptionKey string
- Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
- ServiceAccountSigningKeys List<string>
- The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
- ServiceAccountVerificationKeys List<string>
- The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
- AggregationCa string
- The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
- ClusterCa string
- The Certificate Authority Service caPool to use for the cluster CA in this cluster.
- ControlPlaneDiskEncryptionKey string
- The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
- EtcdApiCa string
- The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
- EtcdPeerCa string
- The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
- GkeopsEtcdBackupEncryptionKey string
- Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
- ServiceAccountSigningKeys []string
- The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
- ServiceAccountVerificationKeys []string
- The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
- aggregationCa String
- The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
- clusterCa String
- The Certificate Authority Service caPool to use for the cluster CA in this cluster.
- controlPlaneDiskEncryptionKey String
- The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
- etcdApiCa String
- The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
- etcdPeerCa String
- The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
- gkeopsEtcdBackupEncryptionKey String
- Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
- serviceAccountSigningKeys List<String>
- The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
- serviceAccountVerificationKeys List<String>
- The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
- aggregationCa string
- The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
- clusterCa string
- The Certificate Authority Service caPool to use for the cluster CA in this cluster.
- controlPlaneDiskEncryptionKey string
- The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
- etcdApiCa string
- The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
- etcdPeerCa string
- The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
- gkeopsEtcdBackupEncryptionKey string
- Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
- serviceAccountSigningKeys string[]
- The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
- serviceAccountVerificationKeys string[]
- The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
- aggregation_ca str
- The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
- cluster_ca str
- The Certificate Authority Service caPool to use for the cluster CA in this cluster.
- control_plane_disk_encryption_key str
- The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
- etcd_api_ca str
- The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
- etcd_peer_ca str
- The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
- gkeops_etcd_backup_encryption_key str
- Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
- service_account_signing_keys Sequence[str]
- The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
- service_account_verification_keys Sequence[str]
- The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
- aggregationCa String
- The Certificate Authority Service caPool to use for the aggregation CA in this cluster.
- clusterCa String
- The Certificate Authority Service caPool to use for the cluster CA in this cluster.
- controlPlaneDiskEncryptionKey String
- The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.
- etcdApiCa String
- The Certificate Authority Service caPool to use for the etcd API CA in this cluster.
- etcdPeerCa String
- The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.
- gkeopsEtcdBackupEncryptionKey String
- Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.
- serviceAccountSigningKeys List<String>
- The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.
- serviceAccountVerificationKeys List<String>
- The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.
ClusterVerticalPodAutoscaling, ClusterVerticalPodAutoscalingArgs        
- Enabled bool
- Enables vertical pod autoscaling
- Enabled bool
- Enables vertical pod autoscaling
- enabled Boolean
- Enables vertical pod autoscaling
- enabled boolean
- Enables vertical pod autoscaling
- enabled bool
- Enables vertical pod autoscaling
- enabled Boolean
- Enables vertical pod autoscaling
ClusterWorkloadAltsConfig, ClusterWorkloadAltsConfigArgs        
- EnableAlts bool
- Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
- EnableAlts bool
- Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
- enableAlts Boolean
- Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
- enableAlts boolean
- Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
- enable_alts bool
- Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workload_pool must be non-empty).
- enableAlts Boolean
- Whether the ALTS handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool must be non-empty).
ClusterWorkloadIdentityConfig, ClusterWorkloadIdentityConfigArgs        
- WorkloadPool string
- The workload pool to attach all Kubernetes service accounts to.
- WorkloadPool string
- The workload pool to attach all Kubernetes service accounts to.
- workloadPool String
- The workload pool to attach all Kubernetes service accounts to.
- workloadPool string
- The workload pool to attach all Kubernetes service accounts to.
- workload_pool str
- The workload pool to attach all Kubernetes service accounts to.
- workloadPool String
- The workload pool to attach all Kubernetes service accounts to.
Import
GKE clusters can be imported using the project, location, and name. If the project is omitted, the default
provider value will be used. Examples:
- projects/{{project_id}}/locations/{{location}}/clusters/{{cluster_id}}
- {{project_id}}/{{location}}/{{cluster_id}}
- {{location}}/{{cluster_id}}
When using the pulumi import command, GKE clusters can be imported using one of the formats above. For example:
$ pulumi import gcp:container/cluster:Cluster default projects/{{project_id}}/locations/{{location}}/clusters/{{cluster_id}}
$ pulumi import gcp:container/cluster:Cluster default {{project_id}}/{{location}}/{{cluster_id}}
$ pulumi import gcp:container/cluster:Cluster default {{location}}/{{cluster_id}}
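Some fields control provider-specific behavior and are not present in the GKE API, so an import cannot populate them; review the preview after importing. For example, the following fields will show diffs if set in config: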
- min_master_version
- remove_default_node_pool
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the google-beta Terraform Provider.