The gcp:gkeonprem/bareMetalCluster:BareMetalCluster resource, part of the Pulumi GCP provider, provisions a GKE on bare metal user cluster: its control plane nodes, networking, load balancing, and storage configuration. This guide focuses on three capabilities: MetalLB, manual, and BGP load balancing; island mode networking with CIDR configuration; and local volume provisioning for persistent storage.
Bare metal clusters belong to a GKE on-prem admin cluster and run on physical nodes you provision separately. The examples are intentionally small. Combine them with your own admin cluster membership, physical infrastructure, and operational policies.
Deploy a cluster with MetalLB load balancing
Most bare metal Kubernetes deployments establish control plane nodes, networking, and load balancing as a foundation. MetalLB provides Layer 2 or BGP-based load balancing without requiring external hardware load balancers.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster_basic = new gcp.gkeonprem.BareMetalCluster("cluster-basic", {
name: "my-cluster",
location: "us-west1",
adminClusterMembership: "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
bareMetalVersion: "1.12.3",
networkConfig: {
islandModeCidr: {
serviceAddressCidrBlocks: ["172.26.0.0/16"],
podAddressCidrBlocks: ["10.240.0.0/13"],
},
},
controlPlane: {
controlPlaneNodePoolConfig: {
nodePoolConfig: {
labels: {},
operatingSystem: "LINUX",
nodeConfigs: [{
labels: {},
nodeIp: "10.200.0.9",
}],
},
},
},
loadBalancer: {
portConfig: {
controlPlaneLoadBalancerPort: 443,
},
vipConfig: {
controlPlaneVip: "10.200.0.13",
ingressVip: "10.200.0.14",
},
metalLbConfig: {
addressPools: [{
pool: "pool1",
addresses: [
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128",
],
avoidBuggyIps: true,
manualAssign: true,
}],
},
},
storage: {
lvpShareConfig: {
lvpConfig: {
path: "/mnt/localpv-share",
storageClass: "local-shared",
},
sharedPathPvCount: 5,
},
lvpNodeMountsConfig: {
path: "/mnt/localpv-disk",
storageClass: "local-disks",
},
},
securityConfig: {
authorization: {
adminUsers: [{
username: "admin@hashicorptest.com",
}],
},
},
});
import pulumi
import pulumi_gcp as gcp
cluster_basic = gcp.gkeonprem.BareMetalCluster("cluster-basic",
name="my-cluster",
location="us-west1",
admin_cluster_membership="projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
bare_metal_version="1.12.3",
network_config={
"island_mode_cidr": {
"service_address_cidr_blocks": ["172.26.0.0/16"],
"pod_address_cidr_blocks": ["10.240.0.0/13"],
},
},
control_plane={
"control_plane_node_pool_config": {
"node_pool_config": {
"labels": {},
"operating_system": "LINUX",
"node_configs": [{
"labels": {},
"node_ip": "10.200.0.9",
}],
},
},
},
load_balancer={
"port_config": {
"control_plane_load_balancer_port": 443,
},
"vip_config": {
"control_plane_vip": "10.200.0.13",
"ingress_vip": "10.200.0.14",
},
"metal_lb_config": {
"address_pools": [{
"pool": "pool1",
"addresses": [
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128",
],
"avoid_buggy_ips": True,
"manual_assign": True,
}],
},
},
storage={
"lvp_share_config": {
"lvp_config": {
"path": "/mnt/localpv-share",
"storage_class": "local-shared",
},
"shared_path_pv_count": 5,
},
"lvp_node_mounts_config": {
"path": "/mnt/localpv-disk",
"storage_class": "local-disks",
},
},
security_config={
"authorization": {
"admin_users": [{
"username": "admin@hashicorptest.com",
}],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/gkeonprem"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkeonprem.NewBareMetalCluster(ctx, "cluster-basic", &gkeonprem.BareMetalClusterArgs{
Name: pulumi.String("my-cluster"),
Location: pulumi.String("us-west1"),
AdminClusterMembership: pulumi.String("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"),
BareMetalVersion: pulumi.String("1.12.3"),
NetworkConfig: &gkeonprem.BareMetalClusterNetworkConfigArgs{
IslandModeCidr: &gkeonprem.BareMetalClusterNetworkConfigIslandModeCidrArgs{
ServiceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("172.26.0.0/16"),
},
PodAddressCidrBlocks: pulumi.StringArray{
pulumi.String("10.240.0.0/13"),
},
},
},
ControlPlane: &gkeonprem.BareMetalClusterControlPlaneArgs{
ControlPlaneNodePoolConfig: &gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs{
NodePoolConfig: &gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs{
Labels: pulumi.StringMap{},
OperatingSystem: pulumi.String("LINUX"),
NodeConfigs: gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArray{
&gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs{
Labels: pulumi.StringMap{},
NodeIp: pulumi.String("10.200.0.9"),
},
},
},
},
},
LoadBalancer: &gkeonprem.BareMetalClusterLoadBalancerArgs{
PortConfig: &gkeonprem.BareMetalClusterLoadBalancerPortConfigArgs{
ControlPlaneLoadBalancerPort: pulumi.Int(443),
},
VipConfig: &gkeonprem.BareMetalClusterLoadBalancerVipConfigArgs{
ControlPlaneVip: pulumi.String("10.200.0.13"),
IngressVip: pulumi.String("10.200.0.14"),
},
MetalLbConfig: &gkeonprem.BareMetalClusterLoadBalancerMetalLbConfigArgs{
AddressPools: gkeonprem.BareMetalClusterLoadBalancerMetalLbConfigAddressPoolArray{
&gkeonprem.BareMetalClusterLoadBalancerMetalLbConfigAddressPoolArgs{
Pool: pulumi.String("pool1"),
Addresses: pulumi.StringArray{
pulumi.String("10.200.0.14/32"),
pulumi.String("10.200.0.15/32"),
pulumi.String("10.200.0.16/32"),
pulumi.String("10.200.0.17/32"),
pulumi.String("10.200.0.18/32"),
pulumi.String("fd00:1::f/128"),
pulumi.String("fd00:1::10/128"),
pulumi.String("fd00:1::11/128"),
pulumi.String("fd00:1::12/128"),
},
AvoidBuggyIps: pulumi.Bool(true),
ManualAssign: pulumi.Bool(true),
},
},
},
},
Storage: &gkeonprem.BareMetalClusterStorageArgs{
LvpShareConfig: &gkeonprem.BareMetalClusterStorageLvpShareConfigArgs{
LvpConfig: &gkeonprem.BareMetalClusterStorageLvpShareConfigLvpConfigArgs{
Path: pulumi.String("/mnt/localpv-share"),
StorageClass: pulumi.String("local-shared"),
},
SharedPathPvCount: pulumi.Int(5),
},
LvpNodeMountsConfig: &gkeonprem.BareMetalClusterStorageLvpNodeMountsConfigArgs{
Path: pulumi.String("/mnt/localpv-disk"),
StorageClass: pulumi.String("local-disks"),
},
},
SecurityConfig: &gkeonprem.BareMetalClusterSecurityConfigArgs{
Authorization: &gkeonprem.BareMetalClusterSecurityConfigAuthorizationArgs{
AdminUsers: gkeonprem.BareMetalClusterSecurityConfigAuthorizationAdminUserArray{
&gkeonprem.BareMetalClusterSecurityConfigAuthorizationAdminUserArgs{
Username: pulumi.String("admin@hashicorptest.com"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster_basic = new Gcp.GkeOnPrem.BareMetalCluster("cluster-basic", new()
{
Name = "my-cluster",
Location = "us-west1",
AdminClusterMembership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
BareMetalVersion = "1.12.3",
NetworkConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigArgs
{
IslandModeCidr = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigIslandModeCidrArgs
{
ServiceAddressCidrBlocks = new[]
{
"172.26.0.0/16",
},
PodAddressCidrBlocks = new[]
{
"10.240.0.0/13",
},
},
},
ControlPlane = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneArgs
{
ControlPlaneNodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs
{
NodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs
{
Labels = null,
OperatingSystem = "LINUX",
NodeConfigs = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs
{
Labels = null,
NodeIp = "10.200.0.9",
},
},
},
},
},
LoadBalancer = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerArgs
{
PortConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerPortConfigArgs
{
ControlPlaneLoadBalancerPort = 443,
},
VipConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerVipConfigArgs
{
ControlPlaneVip = "10.200.0.13",
IngressVip = "10.200.0.14",
},
MetalLbConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerMetalLbConfigArgs
{
AddressPools = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerMetalLbConfigAddressPoolArgs
{
Pool = "pool1",
Addresses = new[]
{
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128",
},
AvoidBuggyIps = true,
ManualAssign = true,
},
},
},
},
Storage = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageArgs
{
LvpShareConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpShareConfigArgs
{
LvpConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpShareConfigLvpConfigArgs
{
Path = "/mnt/localpv-share",
StorageClass = "local-shared",
},
SharedPathPvCount = 5,
},
LvpNodeMountsConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpNodeMountsConfigArgs
{
Path = "/mnt/localpv-disk",
StorageClass = "local-disks",
},
},
SecurityConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigArgs
{
Authorization = new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigAuthorizationArgs
{
AdminUsers = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigAuthorizationAdminUserArgs
{
Username = "admin@hashicorptest.com",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkeonprem.BareMetalCluster;
import com.pulumi.gcp.gkeonprem.BareMetalClusterArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigIslandModeCidrArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerPortConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerVipConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerMetalLbConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpShareConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpShareConfigLvpConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpNodeMountsConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterSecurityConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterSecurityConfigAuthorizationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster_basic = new BareMetalCluster("cluster-basic", BareMetalClusterArgs.builder()
.name("my-cluster")
.location("us-west1")
.adminClusterMembership("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test")
.bareMetalVersion("1.12.3")
.networkConfig(BareMetalClusterNetworkConfigArgs.builder()
.islandModeCidr(BareMetalClusterNetworkConfigIslandModeCidrArgs.builder()
.serviceAddressCidrBlocks("172.26.0.0/16")
.podAddressCidrBlocks("10.240.0.0/13")
.build())
.build())
.controlPlane(BareMetalClusterControlPlaneArgs.builder()
.controlPlaneNodePoolConfig(BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs.builder()
.nodePoolConfig(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs.builder()
.labels(Map.ofEntries(
))
.operatingSystem("LINUX")
.nodeConfigs(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs.builder()
.labels(Map.ofEntries(
))
.nodeIp("10.200.0.9")
.build())
.build())
.build())
.build())
.loadBalancer(BareMetalClusterLoadBalancerArgs.builder()
.portConfig(BareMetalClusterLoadBalancerPortConfigArgs.builder()
.controlPlaneLoadBalancerPort(443)
.build())
.vipConfig(BareMetalClusterLoadBalancerVipConfigArgs.builder()
.controlPlaneVip("10.200.0.13")
.ingressVip("10.200.0.14")
.build())
.metalLbConfig(BareMetalClusterLoadBalancerMetalLbConfigArgs.builder()
.addressPools(BareMetalClusterLoadBalancerMetalLbConfigAddressPoolArgs.builder()
.pool("pool1")
.addresses(
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128")
.avoidBuggyIps(true)
.manualAssign(true)
.build())
.build())
.build())
.storage(BareMetalClusterStorageArgs.builder()
.lvpShareConfig(BareMetalClusterStorageLvpShareConfigArgs.builder()
.lvpConfig(BareMetalClusterStorageLvpShareConfigLvpConfigArgs.builder()
.path("/mnt/localpv-share")
.storageClass("local-shared")
.build())
.sharedPathPvCount(5)
.build())
.lvpNodeMountsConfig(BareMetalClusterStorageLvpNodeMountsConfigArgs.builder()
.path("/mnt/localpv-disk")
.storageClass("local-disks")
.build())
.build())
.securityConfig(BareMetalClusterSecurityConfigArgs.builder()
.authorization(BareMetalClusterSecurityConfigAuthorizationArgs.builder()
.adminUsers(BareMetalClusterSecurityConfigAuthorizationAdminUserArgs.builder()
.username("admin@hashicorptest.com")
.build())
.build())
.build())
.build());
}
}
resources:
cluster-basic:
type: gcp:gkeonprem:BareMetalCluster
properties:
name: my-cluster
location: us-west1
adminClusterMembership: projects/870316890899/locations/global/memberships/gkeonprem-terraform-test
bareMetalVersion: 1.12.3
networkConfig:
islandModeCidr:
serviceAddressCidrBlocks:
- 172.26.0.0/16
podAddressCidrBlocks:
- 10.240.0.0/13
controlPlane:
controlPlaneNodePoolConfig:
nodePoolConfig:
labels: {}
operatingSystem: LINUX
nodeConfigs:
- labels: {}
nodeIp: 10.200.0.9
loadBalancer:
portConfig:
controlPlaneLoadBalancerPort: 443
vipConfig:
controlPlaneVip: 10.200.0.13
ingressVip: 10.200.0.14
metalLbConfig:
addressPools:
- pool: pool1
addresses:
- 10.200.0.14/32
- 10.200.0.15/32
- 10.200.0.16/32
- 10.200.0.17/32
- 10.200.0.18/32
- fd00:1::f/128
- fd00:1::10/128
- fd00:1::11/128
- fd00:1::12/128
avoidBuggyIps: true
manualAssign: true
storage:
lvpShareConfig:
lvpConfig:
path: /mnt/localpv-share
storageClass: local-shared
sharedPathPvCount: 5
lvpNodeMountsConfig:
path: /mnt/localpv-disk
storageClass: local-disks
securityConfig:
authorization:
adminUsers:
- username: admin@hashicorptest.com
The adminClusterMembership connects this user cluster to its parent admin cluster. The networkConfig defines island mode networking, where islandModeCidr specifies isolated CIDR blocks for pods and services. The controlPlane section defines control plane nodes by IP address, while loadBalancer configures MetalLB with an addressPools list for automatic IP assignment. The storage section sets up local volume provisioning using lvpShareConfig for shared storage and lvpNodeMountsConfig for node-local disks.
Configure manual load balancer integration
Some environments use existing hardware load balancers rather than automated address pool management.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster_manuallb = new gcp.gkeonprem.BareMetalCluster("cluster-manuallb", {
name: "cluster-manuallb",
location: "us-west1",
adminClusterMembership: "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
bareMetalVersion: "1.12.3",
networkConfig: {
islandModeCidr: {
serviceAddressCidrBlocks: ["172.26.0.0/16"],
podAddressCidrBlocks: ["10.240.0.0/13"],
},
},
controlPlane: {
controlPlaneNodePoolConfig: {
nodePoolConfig: {
labels: {},
operatingSystem: "LINUX",
nodeConfigs: [{
labels: {},
nodeIp: "10.200.0.9",
}],
},
},
},
loadBalancer: {
portConfig: {
controlPlaneLoadBalancerPort: 443,
},
vipConfig: {
controlPlaneVip: "10.200.0.13",
ingressVip: "10.200.0.14",
},
manualLbConfig: {
enabled: true,
},
},
storage: {
lvpShareConfig: {
lvpConfig: {
path: "/mnt/localpv-share",
storageClass: "local-shared",
},
sharedPathPvCount: 5,
},
lvpNodeMountsConfig: {
path: "/mnt/localpv-disk",
storageClass: "local-disks",
},
},
securityConfig: {
authorization: {
adminUsers: [{
username: "admin@hashicorptest.com",
}],
},
},
binaryAuthorization: {
evaluationMode: "DISABLED",
},
upgradePolicy: {
policy: "SERIAL",
},
});
import pulumi
import pulumi_gcp as gcp
cluster_manuallb = gcp.gkeonprem.BareMetalCluster("cluster-manuallb",
name="cluster-manuallb",
location="us-west1",
admin_cluster_membership="projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
bare_metal_version="1.12.3",
network_config={
"island_mode_cidr": {
"service_address_cidr_blocks": ["172.26.0.0/16"],
"pod_address_cidr_blocks": ["10.240.0.0/13"],
},
},
control_plane={
"control_plane_node_pool_config": {
"node_pool_config": {
"labels": {},
"operating_system": "LINUX",
"node_configs": [{
"labels": {},
"node_ip": "10.200.0.9",
}],
},
},
},
load_balancer={
"port_config": {
"control_plane_load_balancer_port": 443,
},
"vip_config": {
"control_plane_vip": "10.200.0.13",
"ingress_vip": "10.200.0.14",
},
"manual_lb_config": {
"enabled": True,
},
},
storage={
"lvp_share_config": {
"lvp_config": {
"path": "/mnt/localpv-share",
"storage_class": "local-shared",
},
"shared_path_pv_count": 5,
},
"lvp_node_mounts_config": {
"path": "/mnt/localpv-disk",
"storage_class": "local-disks",
},
},
security_config={
"authorization": {
"admin_users": [{
"username": "admin@hashicorptest.com",
}],
},
},
binary_authorization={
"evaluation_mode": "DISABLED",
},
upgrade_policy={
"policy": "SERIAL",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/gkeonprem"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkeonprem.NewBareMetalCluster(ctx, "cluster-manuallb", &gkeonprem.BareMetalClusterArgs{
Name: pulumi.String("cluster-manuallb"),
Location: pulumi.String("us-west1"),
AdminClusterMembership: pulumi.String("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"),
BareMetalVersion: pulumi.String("1.12.3"),
NetworkConfig: &gkeonprem.BareMetalClusterNetworkConfigArgs{
IslandModeCidr: &gkeonprem.BareMetalClusterNetworkConfigIslandModeCidrArgs{
ServiceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("172.26.0.0/16"),
},
PodAddressCidrBlocks: pulumi.StringArray{
pulumi.String("10.240.0.0/13"),
},
},
},
ControlPlane: &gkeonprem.BareMetalClusterControlPlaneArgs{
ControlPlaneNodePoolConfig: &gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs{
NodePoolConfig: &gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs{
Labels: pulumi.StringMap{},
OperatingSystem: pulumi.String("LINUX"),
NodeConfigs: gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArray{
&gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs{
Labels: pulumi.StringMap{},
NodeIp: pulumi.String("10.200.0.9"),
},
},
},
},
},
LoadBalancer: &gkeonprem.BareMetalClusterLoadBalancerArgs{
PortConfig: &gkeonprem.BareMetalClusterLoadBalancerPortConfigArgs{
ControlPlaneLoadBalancerPort: pulumi.Int(443),
},
VipConfig: &gkeonprem.BareMetalClusterLoadBalancerVipConfigArgs{
ControlPlaneVip: pulumi.String("10.200.0.13"),
IngressVip: pulumi.String("10.200.0.14"),
},
ManualLbConfig: &gkeonprem.BareMetalClusterLoadBalancerManualLbConfigArgs{
Enabled: pulumi.Bool(true),
},
},
Storage: &gkeonprem.BareMetalClusterStorageArgs{
LvpShareConfig: &gkeonprem.BareMetalClusterStorageLvpShareConfigArgs{
LvpConfig: &gkeonprem.BareMetalClusterStorageLvpShareConfigLvpConfigArgs{
Path: pulumi.String("/mnt/localpv-share"),
StorageClass: pulumi.String("local-shared"),
},
SharedPathPvCount: pulumi.Int(5),
},
LvpNodeMountsConfig: &gkeonprem.BareMetalClusterStorageLvpNodeMountsConfigArgs{
Path: pulumi.String("/mnt/localpv-disk"),
StorageClass: pulumi.String("local-disks"),
},
},
SecurityConfig: &gkeonprem.BareMetalClusterSecurityConfigArgs{
Authorization: &gkeonprem.BareMetalClusterSecurityConfigAuthorizationArgs{
AdminUsers: gkeonprem.BareMetalClusterSecurityConfigAuthorizationAdminUserArray{
&gkeonprem.BareMetalClusterSecurityConfigAuthorizationAdminUserArgs{
Username: pulumi.String("admin@hashicorptest.com"),
},
},
},
},
BinaryAuthorization: &gkeonprem.BareMetalClusterBinaryAuthorizationArgs{
EvaluationMode: pulumi.String("DISABLED"),
},
UpgradePolicy: &gkeonprem.BareMetalClusterUpgradePolicyArgs{
Policy: pulumi.String("SERIAL"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster_manuallb = new Gcp.GkeOnPrem.BareMetalCluster("cluster-manuallb", new()
{
Name = "cluster-manuallb",
Location = "us-west1",
AdminClusterMembership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
BareMetalVersion = "1.12.3",
NetworkConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigArgs
{
IslandModeCidr = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigIslandModeCidrArgs
{
ServiceAddressCidrBlocks = new[]
{
"172.26.0.0/16",
},
PodAddressCidrBlocks = new[]
{
"10.240.0.0/13",
},
},
},
ControlPlane = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneArgs
{
ControlPlaneNodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs
{
NodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs
{
Labels = null,
OperatingSystem = "LINUX",
NodeConfigs = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs
{
Labels = null,
NodeIp = "10.200.0.9",
},
},
},
},
},
LoadBalancer = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerArgs
{
PortConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerPortConfigArgs
{
ControlPlaneLoadBalancerPort = 443,
},
VipConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerVipConfigArgs
{
ControlPlaneVip = "10.200.0.13",
IngressVip = "10.200.0.14",
},
ManualLbConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerManualLbConfigArgs
{
Enabled = true,
},
},
Storage = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageArgs
{
LvpShareConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpShareConfigArgs
{
LvpConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpShareConfigLvpConfigArgs
{
Path = "/mnt/localpv-share",
StorageClass = "local-shared",
},
SharedPathPvCount = 5,
},
LvpNodeMountsConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpNodeMountsConfigArgs
{
Path = "/mnt/localpv-disk",
StorageClass = "local-disks",
},
},
SecurityConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigArgs
{
Authorization = new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigAuthorizationArgs
{
AdminUsers = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigAuthorizationAdminUserArgs
{
Username = "admin@hashicorptest.com",
},
},
},
},
BinaryAuthorization = new Gcp.GkeOnPrem.Inputs.BareMetalClusterBinaryAuthorizationArgs
{
EvaluationMode = "DISABLED",
},
UpgradePolicy = new Gcp.GkeOnPrem.Inputs.BareMetalClusterUpgradePolicyArgs
{
Policy = "SERIAL",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkeonprem.BareMetalCluster;
import com.pulumi.gcp.gkeonprem.BareMetalClusterArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigIslandModeCidrArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerPortConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerVipConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerManualLbConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpShareConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpShareConfigLvpConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpNodeMountsConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterSecurityConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterSecurityConfigAuthorizationArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterBinaryAuthorizationArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterUpgradePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster_manuallb = new BareMetalCluster("cluster-manuallb", BareMetalClusterArgs.builder()
.name("cluster-manuallb")
.location("us-west1")
.adminClusterMembership("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test")
.bareMetalVersion("1.12.3")
.networkConfig(BareMetalClusterNetworkConfigArgs.builder()
.islandModeCidr(BareMetalClusterNetworkConfigIslandModeCidrArgs.builder()
.serviceAddressCidrBlocks("172.26.0.0/16")
.podAddressCidrBlocks("10.240.0.0/13")
.build())
.build())
.controlPlane(BareMetalClusterControlPlaneArgs.builder()
.controlPlaneNodePoolConfig(BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs.builder()
.nodePoolConfig(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs.builder()
.labels(Map.ofEntries(
))
.operatingSystem("LINUX")
.nodeConfigs(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs.builder()
.labels(Map.ofEntries(
))
.nodeIp("10.200.0.9")
.build())
.build())
.build())
.build())
.loadBalancer(BareMetalClusterLoadBalancerArgs.builder()
.portConfig(BareMetalClusterLoadBalancerPortConfigArgs.builder()
.controlPlaneLoadBalancerPort(443)
.build())
.vipConfig(BareMetalClusterLoadBalancerVipConfigArgs.builder()
.controlPlaneVip("10.200.0.13")
.ingressVip("10.200.0.14")
.build())
.manualLbConfig(BareMetalClusterLoadBalancerManualLbConfigArgs.builder()
.enabled(true)
.build())
.build())
.storage(BareMetalClusterStorageArgs.builder()
.lvpShareConfig(BareMetalClusterStorageLvpShareConfigArgs.builder()
.lvpConfig(BareMetalClusterStorageLvpShareConfigLvpConfigArgs.builder()
.path("/mnt/localpv-share")
.storageClass("local-shared")
.build())
.sharedPathPvCount(5)
.build())
.lvpNodeMountsConfig(BareMetalClusterStorageLvpNodeMountsConfigArgs.builder()
.path("/mnt/localpv-disk")
.storageClass("local-disks")
.build())
.build())
.securityConfig(BareMetalClusterSecurityConfigArgs.builder()
.authorization(BareMetalClusterSecurityConfigAuthorizationArgs.builder()
.adminUsers(BareMetalClusterSecurityConfigAuthorizationAdminUserArgs.builder()
.username("admin@hashicorptest.com")
.build())
.build())
.build())
.binaryAuthorization(BareMetalClusterBinaryAuthorizationArgs.builder()
.evaluationMode("DISABLED")
.build())
.upgradePolicy(BareMetalClusterUpgradePolicyArgs.builder()
.policy("SERIAL")
.build())
.build());
}
}
resources:
cluster-manuallb:
type: gcp:gkeonprem:BareMetalCluster
properties:
name: cluster-manuallb
location: us-west1
adminClusterMembership: projects/870316890899/locations/global/memberships/gkeonprem-terraform-test
bareMetalVersion: 1.12.3
networkConfig:
islandModeCidr:
serviceAddressCidrBlocks:
- 172.26.0.0/16
podAddressCidrBlocks:
- 10.240.0.0/13
controlPlane:
controlPlaneNodePoolConfig:
nodePoolConfig:
labels: {}
operatingSystem: LINUX
nodeConfigs:
- labels: {}
nodeIp: 10.200.0.9
loadBalancer:
portConfig:
controlPlaneLoadBalancerPort: 443
vipConfig:
controlPlaneVip: 10.200.0.13
ingressVip: 10.200.0.14
manualLbConfig:
enabled: true
storage:
lvpShareConfig:
lvpConfig:
path: /mnt/localpv-share
storageClass: local-shared
sharedPathPvCount: 5
lvpNodeMountsConfig:
path: /mnt/localpv-disk
storageClass: local-disks
securityConfig:
authorization:
adminUsers:
- username: admin@hashicorptest.com
binaryAuthorization:
evaluationMode: DISABLED
upgradePolicy:
policy: SERIAL
Setting manualLbConfig.enabled to true disables MetalLB and signals that you’ll route traffic to the controlPlaneVip and ingressVip manually. This example also shows binaryAuthorization for image validation policies and upgradePolicy to control how cluster upgrades roll out (SERIAL applies updates one node at a time).
Enable BGP load balancing with advanced networking
Production clusters often require BGP-based routing and specialized network interfaces for high-performance workloads.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cluster_bgplb = new gcp.gkeonprem.BareMetalCluster("cluster-bgplb", {
name: "cluster-bgplb",
location: "us-west1",
adminClusterMembership: "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
bareMetalVersion: "1.12.3",
networkConfig: {
islandModeCidr: {
serviceAddressCidrBlocks: ["172.26.0.0/16"],
podAddressCidrBlocks: ["10.240.0.0/13"],
},
advancedNetworking: true,
multipleNetworkInterfacesConfig: {
enabled: true,
},
srIovConfig: {
enabled: true,
},
},
controlPlane: {
controlPlaneNodePoolConfig: {
nodePoolConfig: {
labels: {},
operatingSystem: "LINUX",
nodeConfigs: [{
labels: {},
nodeIp: "10.200.0.9",
}],
taints: [{
key: "test-key",
value: "test-value",
effect: "NO_EXECUTE",
}],
},
},
apiServerArgs: [{
argument: "test-argument",
value: "test-value",
}],
},
loadBalancer: {
portConfig: {
controlPlaneLoadBalancerPort: 443,
},
vipConfig: {
controlPlaneVip: "10.200.0.13",
ingressVip: "10.200.0.14",
},
bgpLbConfig: {
asn: 123456,
bgpPeerConfigs: [{
asn: 123457,
ipAddress: "10.0.0.1",
controlPlaneNodes: ["test-node"],
}],
addressPools: [{
pool: "pool1",
addresses: [
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128",
],
}],
loadBalancerNodePoolConfig: {
nodePoolConfig: {
labels: {},
operatingSystem: "LINUX",
nodeConfigs: [{
labels: {},
nodeIp: "10.200.0.9",
}],
taints: [{
key: "test-key",
value: "test-value",
effect: "NO_EXECUTE",
}],
kubeletConfig: {
registryPullQps: 10,
registryBurst: 12,
serializeImagePullsDisabled: true,
},
},
},
},
},
storage: {
lvpShareConfig: {
lvpConfig: {
path: "/mnt/localpv-share",
storageClass: "local-shared",
},
sharedPathPvCount: 5,
},
lvpNodeMountsConfig: {
path: "/mnt/localpv-disk",
storageClass: "local-disks",
},
},
securityConfig: {
authorization: {
adminUsers: [{
username: "admin@hashicorptest.com",
}],
},
},
proxy: {
uri: "http://test-domain/test",
noProxies: ["127.0.0.1"],
},
clusterOperations: {
enableApplicationLogs: true,
},
maintenanceConfig: {
maintenanceAddressCidrBlocks: ["192.168.0.1/20"],
},
nodeConfig: {
maxPodsPerNode: 10,
containerRuntime: "CONTAINERD",
},
nodeAccessConfig: {
loginUser: "test@example.com",
},
osEnvironmentConfig: {
packageRepoExcluded: true,
},
});
import pulumi
import pulumi_gcp as gcp
cluster_bgplb = gcp.gkeonprem.BareMetalCluster("cluster-bgplb",
name="cluster-bgplb",
location="us-west1",
admin_cluster_membership="projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
bare_metal_version="1.12.3",
network_config={
"island_mode_cidr": {
"service_address_cidr_blocks": ["172.26.0.0/16"],
"pod_address_cidr_blocks": ["10.240.0.0/13"],
},
"advanced_networking": True,
"multiple_network_interfaces_config": {
"enabled": True,
},
"sr_iov_config": {
"enabled": True,
},
},
control_plane={
"control_plane_node_pool_config": {
"node_pool_config": {
"labels": {},
"operating_system": "LINUX",
"node_configs": [{
"labels": {},
"node_ip": "10.200.0.9",
}],
"taints": [{
"key": "test-key",
"value": "test-value",
"effect": "NO_EXECUTE",
}],
},
},
"api_server_args": [{
"argument": "test-argument",
"value": "test-value",
}],
},
load_balancer={
"port_config": {
"control_plane_load_balancer_port": 443,
},
"vip_config": {
"control_plane_vip": "10.200.0.13",
"ingress_vip": "10.200.0.14",
},
"bgp_lb_config": {
"asn": 123456,
"bgp_peer_configs": [{
"asn": 123457,
"ip_address": "10.0.0.1",
"control_plane_nodes": ["test-node"],
}],
"address_pools": [{
"pool": "pool1",
"addresses": [
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128",
],
}],
"load_balancer_node_pool_config": {
"node_pool_config": {
"labels": {},
"operating_system": "LINUX",
"node_configs": [{
"labels": {},
"node_ip": "10.200.0.9",
}],
"taints": [{
"key": "test-key",
"value": "test-value",
"effect": "NO_EXECUTE",
}],
"kubelet_config": {
"registry_pull_qps": 10,
"registry_burst": 12,
"serialize_image_pulls_disabled": True,
},
},
},
},
},
storage={
"lvp_share_config": {
"lvp_config": {
"path": "/mnt/localpv-share",
"storage_class": "local-shared",
},
"shared_path_pv_count": 5,
},
"lvp_node_mounts_config": {
"path": "/mnt/localpv-disk",
"storage_class": "local-disks",
},
},
security_config={
"authorization": {
"admin_users": [{
"username": "admin@hashicorptest.com",
}],
},
},
proxy={
"uri": "http://test-domain/test",
"no_proxies": ["127.0.0.1"],
},
cluster_operations={
"enable_application_logs": True,
},
maintenance_config={
"maintenance_address_cidr_blocks": ["192.168.0.1/20"],
},
node_config={
"max_pods_per_node": 10,
"container_runtime": "CONTAINERD",
},
node_access_config={
"login_user": "test@example.com",
},
os_environment_config={
"package_repo_excluded": True,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/gkeonprem"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkeonprem.NewBareMetalCluster(ctx, "cluster-bgplb", &gkeonprem.BareMetalClusterArgs{
Name: pulumi.String("cluster-bgplb"),
Location: pulumi.String("us-west1"),
AdminClusterMembership: pulumi.String("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"),
BareMetalVersion: pulumi.String("1.12.3"),
NetworkConfig: &gkeonprem.BareMetalClusterNetworkConfigArgs{
IslandModeCidr: &gkeonprem.BareMetalClusterNetworkConfigIslandModeCidrArgs{
ServiceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("172.26.0.0/16"),
},
PodAddressCidrBlocks: pulumi.StringArray{
pulumi.String("10.240.0.0/13"),
},
},
AdvancedNetworking: pulumi.Bool(true),
MultipleNetworkInterfacesConfig: &gkeonprem.BareMetalClusterNetworkConfigMultipleNetworkInterfacesConfigArgs{
Enabled: pulumi.Bool(true),
},
SrIovConfig: &gkeonprem.BareMetalClusterNetworkConfigSrIovConfigArgs{
Enabled: pulumi.Bool(true),
},
},
ControlPlane: &gkeonprem.BareMetalClusterControlPlaneArgs{
ControlPlaneNodePoolConfig: &gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs{
NodePoolConfig: &gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs{
Labels: pulumi.StringMap{},
OperatingSystem: pulumi.String("LINUX"),
NodeConfigs: gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArray{
&gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs{
Labels: pulumi.StringMap{},
NodeIp: pulumi.String("10.200.0.9"),
},
},
Taints: gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigTaintArray{
&gkeonprem.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigTaintArgs{
Key: pulumi.String("test-key"),
Value: pulumi.String("test-value"),
Effect: pulumi.String("NO_EXECUTE"),
},
},
},
},
ApiServerArgs: gkeonprem.BareMetalClusterControlPlaneApiServerArgArray{
&gkeonprem.BareMetalClusterControlPlaneApiServerArgArgs{
Argument: pulumi.String("test-argument"),
Value: pulumi.String("test-value"),
},
},
},
LoadBalancer: &gkeonprem.BareMetalClusterLoadBalancerArgs{
PortConfig: &gkeonprem.BareMetalClusterLoadBalancerPortConfigArgs{
ControlPlaneLoadBalancerPort: pulumi.Int(443),
},
VipConfig: &gkeonprem.BareMetalClusterLoadBalancerVipConfigArgs{
ControlPlaneVip: pulumi.String("10.200.0.13"),
IngressVip: pulumi.String("10.200.0.14"),
},
BgpLbConfig: &gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigArgs{
Asn: pulumi.Int(123456),
BgpPeerConfigs: gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigBgpPeerConfigArray{
&gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigBgpPeerConfigArgs{
Asn: pulumi.Int(123457),
IpAddress: pulumi.String("10.0.0.1"),
ControlPlaneNodes: pulumi.StringArray{
pulumi.String("test-node"),
},
},
},
AddressPools: gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigAddressPoolArray{
&gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigAddressPoolArgs{
Pool: pulumi.String("pool1"),
Addresses: pulumi.StringArray{
pulumi.String("10.200.0.14/32"),
pulumi.String("10.200.0.15/32"),
pulumi.String("10.200.0.16/32"),
pulumi.String("10.200.0.17/32"),
pulumi.String("10.200.0.18/32"),
pulumi.String("fd00:1::f/128"),
pulumi.String("fd00:1::10/128"),
pulumi.String("fd00:1::11/128"),
pulumi.String("fd00:1::12/128"),
},
},
},
LoadBalancerNodePoolConfig: &gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigArgs{
NodePoolConfig: &gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigArgs{
Labels: pulumi.StringMap{},
OperatingSystem: pulumi.String("LINUX"),
NodeConfigs: gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigNodeConfigArray{
&gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigNodeConfigArgs{
Labels: pulumi.StringMap{},
NodeIp: pulumi.String("10.200.0.9"),
},
},
Taints: gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigTaintArray{
&gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigTaintArgs{
Key: pulumi.String("test-key"),
Value: pulumi.String("test-value"),
Effect: pulumi.String("NO_EXECUTE"),
},
},
KubeletConfig: &gkeonprem.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigKubeletConfigArgs{
RegistryPullQps: pulumi.Int(10),
RegistryBurst: pulumi.Int(12),
SerializeImagePullsDisabled: pulumi.Bool(true),
},
},
},
},
},
Storage: &gkeonprem.BareMetalClusterStorageArgs{
LvpShareConfig: &gkeonprem.BareMetalClusterStorageLvpShareConfigArgs{
LvpConfig: &gkeonprem.BareMetalClusterStorageLvpShareConfigLvpConfigArgs{
Path: pulumi.String("/mnt/localpv-share"),
StorageClass: pulumi.String("local-shared"),
},
SharedPathPvCount: pulumi.Int(5),
},
LvpNodeMountsConfig: &gkeonprem.BareMetalClusterStorageLvpNodeMountsConfigArgs{
Path: pulumi.String("/mnt/localpv-disk"),
StorageClass: pulumi.String("local-disks"),
},
},
SecurityConfig: &gkeonprem.BareMetalClusterSecurityConfigArgs{
Authorization: &gkeonprem.BareMetalClusterSecurityConfigAuthorizationArgs{
AdminUsers: gkeonprem.BareMetalClusterSecurityConfigAuthorizationAdminUserArray{
&gkeonprem.BareMetalClusterSecurityConfigAuthorizationAdminUserArgs{
Username: pulumi.String("admin@hashicorptest.com"),
},
},
},
},
Proxy: &gkeonprem.BareMetalClusterProxyArgs{
Uri: pulumi.String("http://test-domain/test"),
NoProxies: pulumi.StringArray{
pulumi.String("127.0.0.1"),
},
},
ClusterOperations: &gkeonprem.BareMetalClusterClusterOperationsArgs{
EnableApplicationLogs: pulumi.Bool(true),
},
MaintenanceConfig: &gkeonprem.BareMetalClusterMaintenanceConfigArgs{
MaintenanceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("192.168.0.1/20"),
},
},
NodeConfig: &gkeonprem.BareMetalClusterNodeConfigArgs{
MaxPodsPerNode: pulumi.Int(10),
ContainerRuntime: pulumi.String("CONTAINERD"),
},
NodeAccessConfig: &gkeonprem.BareMetalClusterNodeAccessConfigArgs{
LoginUser: pulumi.String("test@example.com"),
},
OsEnvironmentConfig: &gkeonprem.BareMetalClusterOsEnvironmentConfigArgs{
PackageRepoExcluded: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cluster_bgplb = new Gcp.GkeOnPrem.BareMetalCluster("cluster-bgplb", new()
{
Name = "cluster-bgplb",
Location = "us-west1",
AdminClusterMembership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
BareMetalVersion = "1.12.3",
NetworkConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigArgs
{
IslandModeCidr = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigIslandModeCidrArgs
{
ServiceAddressCidrBlocks = new[]
{
"172.26.0.0/16",
},
PodAddressCidrBlocks = new[]
{
"10.240.0.0/13",
},
},
AdvancedNetworking = true,
MultipleNetworkInterfacesConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigMultipleNetworkInterfacesConfigArgs
{
Enabled = true,
},
SrIovConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNetworkConfigSrIovConfigArgs
{
Enabled = true,
},
},
ControlPlane = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneArgs
{
ControlPlaneNodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs
{
NodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs
{
Labels = null,
OperatingSystem = "LINUX",
NodeConfigs = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs
{
Labels = null,
NodeIp = "10.200.0.9",
},
},
Taints = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigTaintArgs
{
Key = "test-key",
Value = "test-value",
Effect = "NO_EXECUTE",
},
},
},
},
ApiServerArgs = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterControlPlaneApiServerArgArgs
{
Argument = "test-argument",
Value = "test-value",
},
},
},
LoadBalancer = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerArgs
{
PortConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerPortConfigArgs
{
ControlPlaneLoadBalancerPort = 443,
},
VipConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerVipConfigArgs
{
ControlPlaneVip = "10.200.0.13",
IngressVip = "10.200.0.14",
},
BgpLbConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigArgs
{
Asn = 123456,
BgpPeerConfigs = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigBgpPeerConfigArgs
{
Asn = 123457,
IpAddress = "10.0.0.1",
ControlPlaneNodes = new[]
{
"test-node",
},
},
},
AddressPools = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigAddressPoolArgs
{
Pool = "pool1",
Addresses = new[]
{
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128",
},
},
},
LoadBalancerNodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigArgs
{
NodePoolConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigArgs
{
Labels = null,
OperatingSystem = "LINUX",
NodeConfigs = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigNodeConfigArgs
{
Labels = null,
NodeIp = "10.200.0.9",
},
},
Taints = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigTaintArgs
{
Key = "test-key",
Value = "test-value",
Effect = "NO_EXECUTE",
},
},
KubeletConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigKubeletConfigArgs
{
RegistryPullQps = 10,
RegistryBurst = 12,
SerializeImagePullsDisabled = true,
},
},
},
},
},
Storage = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageArgs
{
LvpShareConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpShareConfigArgs
{
LvpConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpShareConfigLvpConfigArgs
{
Path = "/mnt/localpv-share",
StorageClass = "local-shared",
},
SharedPathPvCount = 5,
},
LvpNodeMountsConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterStorageLvpNodeMountsConfigArgs
{
Path = "/mnt/localpv-disk",
StorageClass = "local-disks",
},
},
SecurityConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigArgs
{
Authorization = new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigAuthorizationArgs
{
AdminUsers = new[]
{
new Gcp.GkeOnPrem.Inputs.BareMetalClusterSecurityConfigAuthorizationAdminUserArgs
{
Username = "admin@hashicorptest.com",
},
},
},
},
Proxy = new Gcp.GkeOnPrem.Inputs.BareMetalClusterProxyArgs
{
Uri = "http://test-domain/test",
NoProxies = new[]
{
"127.0.0.1",
},
},
ClusterOperations = new Gcp.GkeOnPrem.Inputs.BareMetalClusterClusterOperationsArgs
{
EnableApplicationLogs = true,
},
MaintenanceConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterMaintenanceConfigArgs
{
MaintenanceAddressCidrBlocks = new[]
{
"192.168.0.1/20",
},
},
NodeConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNodeConfigArgs
{
MaxPodsPerNode = 10,
ContainerRuntime = "CONTAINERD",
},
NodeAccessConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterNodeAccessConfigArgs
{
LoginUser = "test@example.com",
},
OsEnvironmentConfig = new Gcp.GkeOnPrem.Inputs.BareMetalClusterOsEnvironmentConfigArgs
{
PackageRepoExcluded = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkeonprem.BareMetalCluster;
import com.pulumi.gcp.gkeonprem.BareMetalClusterArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigIslandModeCidrArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigMultipleNetworkInterfacesConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNetworkConfigSrIovConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerPortConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerVipConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerBgpLbConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigKubeletConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpShareConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpShareConfigLvpConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterStorageLvpNodeMountsConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterSecurityConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterSecurityConfigAuthorizationArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterProxyArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterClusterOperationsArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterMaintenanceConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNodeConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterNodeAccessConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.BareMetalClusterOsEnvironmentConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster_bgplb = new BareMetalCluster("cluster-bgplb", BareMetalClusterArgs.builder()
.name("cluster-bgplb")
.location("us-west1")
.adminClusterMembership("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test")
.bareMetalVersion("1.12.3")
.networkConfig(BareMetalClusterNetworkConfigArgs.builder()
.islandModeCidr(BareMetalClusterNetworkConfigIslandModeCidrArgs.builder()
.serviceAddressCidrBlocks("172.26.0.0/16")
.podAddressCidrBlocks("10.240.0.0/13")
.build())
.advancedNetworking(true)
.multipleNetworkInterfacesConfig(BareMetalClusterNetworkConfigMultipleNetworkInterfacesConfigArgs.builder()
.enabled(true)
.build())
.srIovConfig(BareMetalClusterNetworkConfigSrIovConfigArgs.builder()
.enabled(true)
.build())
.build())
.controlPlane(BareMetalClusterControlPlaneArgs.builder()
.controlPlaneNodePoolConfig(BareMetalClusterControlPlaneControlPlaneNodePoolConfigArgs.builder()
.nodePoolConfig(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigArgs.builder()
.labels(Map.ofEntries(
))
.operatingSystem("LINUX")
.nodeConfigs(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigNodeConfigArgs.builder()
.labels(Map.ofEntries(
))
.nodeIp("10.200.0.9")
.build())
.taints(BareMetalClusterControlPlaneControlPlaneNodePoolConfigNodePoolConfigTaintArgs.builder()
.key("test-key")
.value("test-value")
.effect("NO_EXECUTE")
.build())
.build())
.build())
.apiServerArgs(BareMetalClusterControlPlaneApiServerArgArgs.builder()
.argument("test-argument")
.value("test-value")
.build())
.build())
.loadBalancer(BareMetalClusterLoadBalancerArgs.builder()
.portConfig(BareMetalClusterLoadBalancerPortConfigArgs.builder()
.controlPlaneLoadBalancerPort(443)
.build())
.vipConfig(BareMetalClusterLoadBalancerVipConfigArgs.builder()
.controlPlaneVip("10.200.0.13")
.ingressVip("10.200.0.14")
.build())
.bgpLbConfig(BareMetalClusterLoadBalancerBgpLbConfigArgs.builder()
.asn(123456)
.bgpPeerConfigs(BareMetalClusterLoadBalancerBgpLbConfigBgpPeerConfigArgs.builder()
.asn(123457)
.ipAddress("10.0.0.1")
.controlPlaneNodes("test-node")
.build())
.addressPools(BareMetalClusterLoadBalancerBgpLbConfigAddressPoolArgs.builder()
.pool("pool1")
.addresses(
"10.200.0.14/32",
"10.200.0.15/32",
"10.200.0.16/32",
"10.200.0.17/32",
"10.200.0.18/32",
"fd00:1::f/128",
"fd00:1::10/128",
"fd00:1::11/128",
"fd00:1::12/128")
.build())
.loadBalancerNodePoolConfig(BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigArgs.builder()
.nodePoolConfig(BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigArgs.builder()
.labels(Map.ofEntries(
))
.operatingSystem("LINUX")
.nodeConfigs(BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigNodeConfigArgs.builder()
.labels(Map.ofEntries(
))
.nodeIp("10.200.0.9")
.build())
.taints(BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigTaintArgs.builder()
.key("test-key")
.value("test-value")
.effect("NO_EXECUTE")
.build())
.kubeletConfig(BareMetalClusterLoadBalancerBgpLbConfigLoadBalancerNodePoolConfigNodePoolConfigKubeletConfigArgs.builder()
.registryPullQps(10)
.registryBurst(12)
.serializeImagePullsDisabled(true)
.build())
.build())
.build())
.build())
.build())
.storage(BareMetalClusterStorageArgs.builder()
.lvpShareConfig(BareMetalClusterStorageLvpShareConfigArgs.builder()
.lvpConfig(BareMetalClusterStorageLvpShareConfigLvpConfigArgs.builder()
.path("/mnt/localpv-share")
.storageClass("local-shared")
.build())
.sharedPathPvCount(5)
.build())
.lvpNodeMountsConfig(BareMetalClusterStorageLvpNodeMountsConfigArgs.builder()
.path("/mnt/localpv-disk")
.storageClass("local-disks")
.build())
.build())
.securityConfig(BareMetalClusterSecurityConfigArgs.builder()
.authorization(BareMetalClusterSecurityConfigAuthorizationArgs.builder()
.adminUsers(BareMetalClusterSecurityConfigAuthorizationAdminUserArgs.builder()
.username("admin@hashicorptest.com")
.build())
.build())
.build())
.proxy(BareMetalClusterProxyArgs.builder()
.uri("http://test-domain/test")
.noProxies("127.0.0.1")
.build())
.clusterOperations(BareMetalClusterClusterOperationsArgs.builder()
.enableApplicationLogs(true)
.build())
.maintenanceConfig(BareMetalClusterMaintenanceConfigArgs.builder()
.maintenanceAddressCidrBlocks("192.168.0.1/20")
.build())
.nodeConfig(BareMetalClusterNodeConfigArgs.builder()
.maxPodsPerNode(10)
.containerRuntime("CONTAINERD")
.build())
.nodeAccessConfig(BareMetalClusterNodeAccessConfigArgs.builder()
.loginUser("test@example.com")
.build())
.osEnvironmentConfig(BareMetalClusterOsEnvironmentConfigArgs.builder()
.packageRepoExcluded(true)
.build())
.build());
}
}
resources:
cluster-bgplb:
type: gcp:gkeonprem:BareMetalCluster
properties:
name: cluster-bgplb
location: us-west1
adminClusterMembership: projects/870316890899/locations/global/memberships/gkeonprem-terraform-test
bareMetalVersion: 1.12.3
networkConfig:
islandModeCidr:
serviceAddressCidrBlocks:
- 172.26.0.0/16
podAddressCidrBlocks:
- 10.240.0.0/13
advancedNetworking: true
multipleNetworkInterfacesConfig:
enabled: true
srIovConfig:
enabled: true
controlPlane:
controlPlaneNodePoolConfig:
nodePoolConfig:
labels: {}
operatingSystem: LINUX
nodeConfigs:
- labels: {}
nodeIp: 10.200.0.9
taints:
- key: test-key
value: test-value
effect: NO_EXECUTE
apiServerArgs:
- argument: test-argument
value: test-value
loadBalancer:
portConfig:
controlPlaneLoadBalancerPort: 443
vipConfig:
controlPlaneVip: 10.200.0.13
ingressVip: 10.200.0.14
bgpLbConfig:
asn: 123456
bgpPeerConfigs:
- asn: 123457
ipAddress: 10.0.0.1
controlPlaneNodes:
- test-node
addressPools:
- pool: pool1
addresses:
- 10.200.0.14/32
- 10.200.0.15/32
- 10.200.0.16/32
- 10.200.0.17/32
- 10.200.0.18/32
- fd00:1::f/128
- fd00:1::10/128
- fd00:1::11/128
- fd00:1::12/128
loadBalancerNodePoolConfig:
nodePoolConfig:
labels: {}
operatingSystem: LINUX
nodeConfigs:
- labels: {}
nodeIp: 10.200.0.9
taints:
- key: test-key
value: test-value
effect: NO_EXECUTE
kubeletConfig:
registryPullQps: 10
registryBurst: 12
serializeImagePullsDisabled: true
storage:
lvpShareConfig:
lvpConfig:
path: /mnt/localpv-share
storageClass: local-shared
sharedPathPvCount: 5
lvpNodeMountsConfig:
path: /mnt/localpv-disk
storageClass: local-disks
securityConfig:
authorization:
adminUsers:
- username: admin@hashicorptest.com
proxy:
uri: http://test-domain/test
noProxies:
- 127.0.0.1
clusterOperations:
enableApplicationLogs: true
maintenanceConfig:
maintenanceAddressCidrBlocks:
- 192.168.0.1/20
nodeConfig:
maxPodsPerNode: 10
containerRuntime: CONTAINERD
nodeAccessConfig:
loginUser: test@example.com
osEnvironmentConfig:
packageRepoExcluded: true
The bgpLbConfig section replaces MetalLB with BGP peering: you specify your cluster’s ASN and define bgpPeerConfigs pointing to external BGP routers. Setting advancedNetworking to true enables multipleNetworkInterfacesConfig and srIovConfig for SR-IOV support. The taints property on node pools prevents workloads from scheduling unless they tolerate the taint. The apiServerArgs property passes custom flags to the Kubernetes API server. Additional sections like proxy, clusterOperations, maintenanceConfig, nodeConfig, nodeAccessConfig, and osEnvironmentConfig provide operational controls for production deployments.
Beyond these examples
These snippets focus on specific bare metal cluster features: load balancing strategies, networking modes and advanced features, and storage configuration and node pool management. They’re intentionally minimal rather than full infrastructure deployments.
The examples rely on pre-existing infrastructure such as admin cluster membership, bare metal nodes at specified IP addresses, physical network infrastructure supporting specified CIDR blocks, and BGP routers for the BGP load balancing example. They focus on configuring the cluster rather than provisioning the underlying hardware.
To keep things focused, common cluster patterns are omitted, including:
- Cluster monitoring and logging (clusterOperations in basic example)
- Maintenance windows and node access (maintenanceConfig, nodeAccessConfig)
- Container runtime and pod limits (nodeConfig)
- Package repository configuration (osEnvironmentConfig)
These omissions are intentional: the goal is to illustrate how each cluster feature is wired, not provide drop-in bare metal modules. See the BareMetalCluster resource reference for all available configuration options.
Let's deploy GCP Bare Metal Kubernetes Clusters
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Cluster Configuration & Immutability
What properties can't I change after creating the cluster?
Four properties are immutable and require cluster recreation if changed:
adminClusterMembership, location, name, and project.What's required to create a bare metal cluster?
Seven properties are required:
adminClusterMembership, bareMetalVersion, controlPlane, loadBalancer, location, name, networkConfig, and storage.What format does adminClusterMembership use?
It requires the full resource name of the Admin Cluster’s hub membership, like
projects/870316890899/locations/global/memberships/gkeonprem-terraform-test.Load Balancer Configuration
What load balancer options are available?
You can configure three types of load balancers:
- MetalLB - Use
metalLbConfigwith address pools (basic example) - Manual - Use
manualLbConfigwithenabled: true(manuallb example) - BGP - Use
bgpLbConfigwith ASN and peer configurations (bgplb example)
Annotations & Metadata
Why don't all annotations appear in my configuration?
The
annotations field is non-authoritative and only manages annotations defined in your configuration. To see all annotations on the resource, reference effectiveAnnotations.How can I import an existing cluster?
Use one of three formats:
projects/{{project}}/locations/{{location}}/bareMetalClusters/{{name}}, {{project}}/{{location}}/{{name}}, or {{location}}/{{name}}.Using a different cloud?
Explore containers guides for other cloud providers: