The gcp:gkeonprem/vmwareAdminCluster:VmwareAdminCluster resource, part of the Pulumi GCP provider, provisions a GKE on VMware admin cluster that manages user clusters and provides centralized control plane services. This guide focuses on three capabilities: load balancer integration (F5, MetalLB, manual), network configuration (DHCP vs static IPs), and high availability control plane setup.
Admin clusters depend on a bootstrap cluster membership for initial provisioning, vCenter infrastructure for compute and storage, and load balancer or proxy configuration for network access. The examples are intentionally small. Combine them with your own vCenter resources, network planning, and access control policies.
Deploy a basic admin cluster with F5 load balancing
Most GKE on VMware deployments start with an admin cluster that manages user clusters. The admin cluster connects to vCenter, configures networking, and exposes services through a load balancer.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const admin_cluster_basic = new gcp.gkeonprem.VmwareAdminCluster("admin-cluster-basic", {
name: "basic",
location: "us-west1",
description: "test admin cluster",
bootstrapClusterMembership: "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
onPremVersion: "1.31.0-gke.35",
imageType: "ubuntu_containerd",
vcenter: {
resourcePool: "test resource pool",
datastore: "test data store",
datacenter: "test data center",
cluster: "test cluster",
folder: "test folder",
caCertData: "test ca cert data",
address: "10.0.0.1",
dataDisk: "test data disk",
},
networkConfig: {
serviceAddressCidrBlocks: ["10.96.0.0/12"],
podAddressCidrBlocks: ["192.168.0.0/16"],
dhcpIpConfig: {
enabled: true,
},
},
controlPlaneNode: {
cpus: 4,
memory: 8192,
},
loadBalancer: {
vipConfig: {
controlPlaneVip: "10.251.133.5",
addonsVip: "10.251.135.19",
},
f5Config: {
address: "10.251.135.22",
partition: "test-parition",
snatPool: "test-snat-pool",
},
},
privateRegistryConfig: {
address: "test-address",
caCert: "test-ca-cert",
},
});
import pulumi
import pulumi_gcp as gcp
admin_cluster_basic = gcp.gkeonprem.VmwareAdminCluster("admin-cluster-basic",
name="basic",
location="us-west1",
description="test admin cluster",
bootstrap_cluster_membership="projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
on_prem_version="1.31.0-gke.35",
image_type="ubuntu_containerd",
vcenter={
"resource_pool": "test resource pool",
"datastore": "test data store",
"datacenter": "test data center",
"cluster": "test cluster",
"folder": "test folder",
"ca_cert_data": "test ca cert data",
"address": "10.0.0.1",
"data_disk": "test data disk",
},
network_config={
"service_address_cidr_blocks": ["10.96.0.0/12"],
"pod_address_cidr_blocks": ["192.168.0.0/16"],
"dhcp_ip_config": {
"enabled": True,
},
},
control_plane_node={
"cpus": 4,
"memory": 8192,
},
load_balancer={
"vip_config": {
"control_plane_vip": "10.251.133.5",
"addons_vip": "10.251.135.19",
},
"f5_config": {
"address": "10.251.135.22",
"partition": "test-parition",
"snat_pool": "test-snat-pool",
},
},
private_registry_config={
"address": "test-address",
"ca_cert": "test-ca-cert",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/gkeonprem"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkeonprem.NewVmwareAdminCluster(ctx, "admin-cluster-basic", &gkeonprem.VmwareAdminClusterArgs{
Name: pulumi.String("basic"),
Location: pulumi.String("us-west1"),
Description: pulumi.String("test admin cluster"),
BootstrapClusterMembership: pulumi.String("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"),
OnPremVersion: pulumi.String("1.31.0-gke.35"),
ImageType: pulumi.String("ubuntu_containerd"),
Vcenter: &gkeonprem.VmwareAdminClusterVcenterArgs{
ResourcePool: pulumi.String("test resource pool"),
Datastore: pulumi.String("test data store"),
Datacenter: pulumi.String("test data center"),
Cluster: pulumi.String("test cluster"),
Folder: pulumi.String("test folder"),
CaCertData: pulumi.String("test ca cert data"),
Address: pulumi.String("10.0.0.1"),
DataDisk: pulumi.String("test data disk"),
},
NetworkConfig: &gkeonprem.VmwareAdminClusterNetworkConfigArgs{
ServiceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("10.96.0.0/12"),
},
PodAddressCidrBlocks: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
},
DhcpIpConfig: &gkeonprem.VmwareAdminClusterNetworkConfigDhcpIpConfigArgs{
Enabled: pulumi.Bool(true),
},
},
ControlPlaneNode: &gkeonprem.VmwareAdminClusterControlPlaneNodeArgs{
Cpus: pulumi.Int(4),
Memory: pulumi.Int(8192),
},
LoadBalancer: &gkeonprem.VmwareAdminClusterLoadBalancerArgs{
VipConfig: &gkeonprem.VmwareAdminClusterLoadBalancerVipConfigArgs{
ControlPlaneVip: pulumi.String("10.251.133.5"),
AddonsVip: pulumi.String("10.251.135.19"),
},
F5Config: &gkeonprem.VmwareAdminClusterLoadBalancerF5ConfigArgs{
Address: pulumi.String("10.251.135.22"),
Partition: pulumi.String("test-parition"),
SnatPool: pulumi.String("test-snat-pool"),
},
},
PrivateRegistryConfig: &gkeonprem.VmwareAdminClusterPrivateRegistryConfigArgs{
Address: pulumi.String("test-address"),
CaCert: pulumi.String("test-ca-cert"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var admin_cluster_basic = new Gcp.GkeOnPrem.VmwareAdminCluster("admin-cluster-basic", new()
{
Name = "basic",
Location = "us-west1",
Description = "test admin cluster",
BootstrapClusterMembership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
OnPremVersion = "1.31.0-gke.35",
ImageType = "ubuntu_containerd",
Vcenter = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterVcenterArgs
{
ResourcePool = "test resource pool",
Datastore = "test data store",
Datacenter = "test data center",
Cluster = "test cluster",
Folder = "test folder",
CaCertData = "test ca cert data",
Address = "10.0.0.1",
DataDisk = "test data disk",
},
NetworkConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigArgs
{
ServiceAddressCidrBlocks = new[]
{
"10.96.0.0/12",
},
PodAddressCidrBlocks = new[]
{
"192.168.0.0/16",
},
DhcpIpConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigDhcpIpConfigArgs
{
Enabled = true,
},
},
ControlPlaneNode = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterControlPlaneNodeArgs
{
Cpus = 4,
Memory = 8192,
},
LoadBalancer = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerArgs
{
VipConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerVipConfigArgs
{
ControlPlaneVip = "10.251.133.5",
AddonsVip = "10.251.135.19",
},
F5Config = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerF5ConfigArgs
{
Address = "10.251.135.22",
Partition = "test-parition",
SnatPool = "test-snat-pool",
},
},
PrivateRegistryConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterPrivateRegistryConfigArgs
{
Address = "test-address",
CaCert = "test-ca-cert",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkeonprem.VmwareAdminCluster;
import com.pulumi.gcp.gkeonprem.VmwareAdminClusterArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterVcenterArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigDhcpIpConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterControlPlaneNodeArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerVipConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerF5ConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterPrivateRegistryConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var admin_cluster_basic = new VmwareAdminCluster("admin-cluster-basic", VmwareAdminClusterArgs.builder()
.name("basic")
.location("us-west1")
.description("test admin cluster")
.bootstrapClusterMembership("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test")
.onPremVersion("1.31.0-gke.35")
.imageType("ubuntu_containerd")
.vcenter(VmwareAdminClusterVcenterArgs.builder()
.resourcePool("test resource pool")
.datastore("test data store")
.datacenter("test data center")
.cluster("test cluster")
.folder("test folder")
.caCertData("test ca cert data")
.address("10.0.0.1")
.dataDisk("test data disk")
.build())
.networkConfig(VmwareAdminClusterNetworkConfigArgs.builder()
.serviceAddressCidrBlocks("10.96.0.0/12")
.podAddressCidrBlocks("192.168.0.0/16")
.dhcpIpConfig(VmwareAdminClusterNetworkConfigDhcpIpConfigArgs.builder()
.enabled(true)
.build())
.build())
.controlPlaneNode(VmwareAdminClusterControlPlaneNodeArgs.builder()
.cpus(4)
.memory(8192)
.build())
.loadBalancer(VmwareAdminClusterLoadBalancerArgs.builder()
.vipConfig(VmwareAdminClusterLoadBalancerVipConfigArgs.builder()
.controlPlaneVip("10.251.133.5")
.addonsVip("10.251.135.19")
.build())
.f5Config(VmwareAdminClusterLoadBalancerF5ConfigArgs.builder()
.address("10.251.135.22")
.partition("test-parition")
.snatPool("test-snat-pool")
.build())
.build())
.privateRegistryConfig(VmwareAdminClusterPrivateRegistryConfigArgs.builder()
.address("test-address")
.caCert("test-ca-cert")
.build())
.build());
}
}
resources:
admin-cluster-basic:
type: gcp:gkeonprem:VmwareAdminCluster
properties:
name: basic
location: us-west1
description: test admin cluster
bootstrapClusterMembership: projects/870316890899/locations/global/memberships/gkeonprem-terraform-test
onPremVersion: 1.31.0-gke.35
imageType: ubuntu_containerd
vcenter:
resourcePool: test resource pool
datastore: test data store
datacenter: test data center
cluster: test cluster
folder: test folder
caCertData: test ca cert data
address: 10.0.0.1
dataDisk: test data disk
networkConfig:
serviceAddressCidrBlocks:
- 10.96.0.0/12
podAddressCidrBlocks:
- 192.168.0.0/16
dhcpIpConfig:
enabled: true
controlPlaneNode:
cpus: 4
memory: 8192
loadBalancer:
vipConfig:
controlPlaneVip: 10.251.133.5
addonsVip: 10.251.135.19
f5Config:
address: 10.251.135.22
partition: test-parition
snatPool: test-snat-pool
privateRegistryConfig:
address: test-address
caCert: test-ca-cert
The vcenter block maps the cluster to vCenter resources (resource pool, datastore, datacenter). The networkConfig defines CIDR blocks for services and pods, with dhcpIpConfig enabling automatic IP assignment. The loadBalancer block configures F5 with vipConfig specifying control plane and add-ons VIPs, while f5Config provides F5-specific settings like partition and SNAT pool. The bootstrapClusterMembership links this admin cluster to its bootstrap cluster.
Configure high availability with static IPs and manual load balancing
Production deployments require high availability control planes, static IP allocation for predictable networking, and manual load balancer configuration for environments without F5 or MetalLB.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const admin_cluster_full = new gcp.gkeonprem.VmwareAdminCluster("admin-cluster-full", {
name: "full",
location: "us-west1",
description: "test admin cluster",
bootstrapClusterMembership: "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
onPremVersion: "1.31.0-gke.35",
imageType: "ubuntu_containerd",
annotations: {},
vcenter: {
resourcePool: "test resource pool",
datastore: "test data store",
datacenter: "test data center",
cluster: "test cluster",
folder: "test folder",
caCertData: "test ca cert data",
address: "10.0.0.1",
dataDisk: "test data disk",
storagePolicyName: "storage_policy_name",
},
networkConfig: {
serviceAddressCidrBlocks: ["10.96.0.0/12"],
podAddressCidrBlocks: ["192.168.0.0/16"],
haControlPlaneConfig: {
controlPlaneIpBlock: {
gateway: "10.0.0.3",
ips: [{
hostname: "hostname",
ip: "10.0.0.4",
}],
netmask: "10.0.0.3/32",
},
},
hostConfig: {
dnsServers: ["10.254.41.1"],
ntpServers: ["216.239.35.8"],
dnsSearchDomains: ["test-domain"],
},
staticIpConfig: {
ipBlocks: [{
gateway: "10.0.0.1",
ips: [{
hostname: "hostname",
ip: "10.0.0.2",
}],
netmask: "10.0.0.3/32",
}],
},
vcenterNetwork: "test-vcenter-network",
},
controlPlaneNode: {
cpus: 4,
memory: 8192,
replicas: 3,
},
loadBalancer: {
vipConfig: {
controlPlaneVip: "10.251.133.5",
addonsVip: "10.251.135.19",
},
manualLbConfig: {
addonsNodePort: 30005,
controlPlaneNodePort: 30006,
ingressHttpNodePort: 30007,
ingressHttpsNodePort: 30008,
konnectivityServerNodePort: 30009,
},
},
addonNode: {
autoResizeConfig: {
enabled: true,
},
},
antiAffinityGroups: {
aagConfigDisabled: true,
},
authorization: {
viewerUsers: [{
username: "user1@gmail.com",
}],
},
autoRepairConfig: {
enabled: true,
},
platformConfig: {
requiredPlatformVersion: "1.31.0",
},
privateRegistryConfig: {
address: "test-address",
caCert: "test-ca-cert",
},
proxy: {
url: "http://my-proxy.example.local:80",
noProxy: "10.151.222.0/24,my-host.example.local,10.151.2.1",
},
});
import pulumi
import pulumi_gcp as gcp
admin_cluster_full = gcp.gkeonprem.VmwareAdminCluster("admin-cluster-full",
name="full",
location="us-west1",
description="test admin cluster",
bootstrap_cluster_membership="projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
on_prem_version="1.31.0-gke.35",
image_type="ubuntu_containerd",
annotations={},
vcenter={
"resource_pool": "test resource pool",
"datastore": "test data store",
"datacenter": "test data center",
"cluster": "test cluster",
"folder": "test folder",
"ca_cert_data": "test ca cert data",
"address": "10.0.0.1",
"data_disk": "test data disk",
"storage_policy_name": "storage_policy_name",
},
network_config={
"service_address_cidr_blocks": ["10.96.0.0/12"],
"pod_address_cidr_blocks": ["192.168.0.0/16"],
"ha_control_plane_config": {
"control_plane_ip_block": {
"gateway": "10.0.0.3",
"ips": [{
"hostname": "hostname",
"ip": "10.0.0.4",
}],
"netmask": "10.0.0.3/32",
},
},
"host_config": {
"dns_servers": ["10.254.41.1"],
"ntp_servers": ["216.239.35.8"],
"dns_search_domains": ["test-domain"],
},
"static_ip_config": {
"ip_blocks": [{
"gateway": "10.0.0.1",
"ips": [{
"hostname": "hostname",
"ip": "10.0.0.2",
}],
"netmask": "10.0.0.3/32",
}],
},
"vcenter_network": "test-vcenter-network",
},
control_plane_node={
"cpus": 4,
"memory": 8192,
"replicas": 3,
},
load_balancer={
"vip_config": {
"control_plane_vip": "10.251.133.5",
"addons_vip": "10.251.135.19",
},
"manual_lb_config": {
"addons_node_port": 30005,
"control_plane_node_port": 30006,
"ingress_http_node_port": 30007,
"ingress_https_node_port": 30008,
"konnectivity_server_node_port": 30009,
},
},
addon_node={
"auto_resize_config": {
"enabled": True,
},
},
anti_affinity_groups={
"aag_config_disabled": True,
},
authorization={
"viewer_users": [{
"username": "user1@gmail.com",
}],
},
auto_repair_config={
"enabled": True,
},
platform_config={
"required_platform_version": "1.31.0",
},
private_registry_config={
"address": "test-address",
"ca_cert": "test-ca-cert",
},
proxy={
"url": "http://my-proxy.example.local:80",
"no_proxy": "10.151.222.0/24,my-host.example.local,10.151.2.1",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/gkeonprem"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkeonprem.NewVmwareAdminCluster(ctx, "admin-cluster-full", &gkeonprem.VmwareAdminClusterArgs{
Name: pulumi.String("full"),
Location: pulumi.String("us-west1"),
Description: pulumi.String("test admin cluster"),
BootstrapClusterMembership: pulumi.String("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"),
OnPremVersion: pulumi.String("1.31.0-gke.35"),
ImageType: pulumi.String("ubuntu_containerd"),
Annotations: pulumi.StringMap{},
Vcenter: &gkeonprem.VmwareAdminClusterVcenterArgs{
ResourcePool: pulumi.String("test resource pool"),
Datastore: pulumi.String("test data store"),
Datacenter: pulumi.String("test data center"),
Cluster: pulumi.String("test cluster"),
Folder: pulumi.String("test folder"),
CaCertData: pulumi.String("test ca cert data"),
Address: pulumi.String("10.0.0.1"),
DataDisk: pulumi.String("test data disk"),
StoragePolicyName: pulumi.String("storage_policy_name"),
},
NetworkConfig: &gkeonprem.VmwareAdminClusterNetworkConfigArgs{
ServiceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("10.96.0.0/12"),
},
PodAddressCidrBlocks: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
},
HaControlPlaneConfig: &gkeonprem.VmwareAdminClusterNetworkConfigHaControlPlaneConfigArgs{
ControlPlaneIpBlock: &gkeonprem.VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockArgs{
Gateway: pulumi.String("10.0.0.3"),
Ips: gkeonprem.VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockIpArray{
&gkeonprem.VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockIpArgs{
Hostname: pulumi.String("hostname"),
Ip: pulumi.String("10.0.0.4"),
},
},
Netmask: pulumi.String("10.0.0.3/32"),
},
},
HostConfig: &gkeonprem.VmwareAdminClusterNetworkConfigHostConfigArgs{
DnsServers: pulumi.StringArray{
pulumi.String("10.254.41.1"),
},
NtpServers: pulumi.StringArray{
pulumi.String("216.239.35.8"),
},
DnsSearchDomains: pulumi.StringArray{
pulumi.String("test-domain"),
},
},
StaticIpConfig: &gkeonprem.VmwareAdminClusterNetworkConfigStaticIpConfigArgs{
IpBlocks: gkeonprem.VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockArray{
&gkeonprem.VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockArgs{
Gateway: pulumi.String("10.0.0.1"),
Ips: gkeonprem.VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockIpArray{
&gkeonprem.VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockIpArgs{
Hostname: pulumi.String("hostname"),
Ip: pulumi.String("10.0.0.2"),
},
},
Netmask: pulumi.String("10.0.0.3/32"),
},
},
},
VcenterNetwork: pulumi.String("test-vcenter-network"),
},
ControlPlaneNode: &gkeonprem.VmwareAdminClusterControlPlaneNodeArgs{
Cpus: pulumi.Int(4),
Memory: pulumi.Int(8192),
Replicas: pulumi.Int(3),
},
LoadBalancer: &gkeonprem.VmwareAdminClusterLoadBalancerArgs{
VipConfig: &gkeonprem.VmwareAdminClusterLoadBalancerVipConfigArgs{
ControlPlaneVip: pulumi.String("10.251.133.5"),
AddonsVip: pulumi.String("10.251.135.19"),
},
ManualLbConfig: &gkeonprem.VmwareAdminClusterLoadBalancerManualLbConfigArgs{
AddonsNodePort: pulumi.Int(30005),
ControlPlaneNodePort: pulumi.Int(30006),
IngressHttpNodePort: pulumi.Int(30007),
IngressHttpsNodePort: pulumi.Int(30008),
KonnectivityServerNodePort: pulumi.Int(30009),
},
},
AddonNode: &gkeonprem.VmwareAdminClusterAddonNodeArgs{
AutoResizeConfig: &gkeonprem.VmwareAdminClusterAddonNodeAutoResizeConfigArgs{
Enabled: pulumi.Bool(true),
},
},
AntiAffinityGroups: &gkeonprem.VmwareAdminClusterAntiAffinityGroupsArgs{
AagConfigDisabled: pulumi.Bool(true),
},
Authorization: &gkeonprem.VmwareAdminClusterAuthorizationArgs{
ViewerUsers: gkeonprem.VmwareAdminClusterAuthorizationViewerUserArray{
&gkeonprem.VmwareAdminClusterAuthorizationViewerUserArgs{
Username: pulumi.String("user1@gmail.com"),
},
},
},
AutoRepairConfig: &gkeonprem.VmwareAdminClusterAutoRepairConfigArgs{
Enabled: pulumi.Bool(true),
},
PlatformConfig: &gkeonprem.VmwareAdminClusterPlatformConfigArgs{
RequiredPlatformVersion: pulumi.String("1.31.0"),
},
PrivateRegistryConfig: &gkeonprem.VmwareAdminClusterPrivateRegistryConfigArgs{
Address: pulumi.String("test-address"),
CaCert: pulumi.String("test-ca-cert"),
},
Proxy: &gkeonprem.VmwareAdminClusterProxyArgs{
Url: pulumi.String("http://my-proxy.example.local:80"),
NoProxy: pulumi.String("10.151.222.0/24,my-host.example.local,10.151.2.1"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var admin_cluster_full = new Gcp.GkeOnPrem.VmwareAdminCluster("admin-cluster-full", new()
{
Name = "full",
Location = "us-west1",
Description = "test admin cluster",
BootstrapClusterMembership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
OnPremVersion = "1.31.0-gke.35",
ImageType = "ubuntu_containerd",
Annotations = null,
Vcenter = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterVcenterArgs
{
ResourcePool = "test resource pool",
Datastore = "test data store",
Datacenter = "test data center",
Cluster = "test cluster",
Folder = "test folder",
CaCertData = "test ca cert data",
Address = "10.0.0.1",
DataDisk = "test data disk",
StoragePolicyName = "storage_policy_name",
},
NetworkConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigArgs
{
ServiceAddressCidrBlocks = new[]
{
"10.96.0.0/12",
},
PodAddressCidrBlocks = new[]
{
"192.168.0.0/16",
},
HaControlPlaneConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigHaControlPlaneConfigArgs
{
ControlPlaneIpBlock = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockArgs
{
Gateway = "10.0.0.3",
Ips = new[]
{
new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockIpArgs
{
Hostname = "hostname",
Ip = "10.0.0.4",
},
},
Netmask = "10.0.0.3/32",
},
},
HostConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigHostConfigArgs
{
DnsServers = new[]
{
"10.254.41.1",
},
NtpServers = new[]
{
"216.239.35.8",
},
DnsSearchDomains = new[]
{
"test-domain",
},
},
StaticIpConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigStaticIpConfigArgs
{
IpBlocks = new[]
{
new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockArgs
{
Gateway = "10.0.0.1",
Ips = new[]
{
new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockIpArgs
{
Hostname = "hostname",
Ip = "10.0.0.2",
},
},
Netmask = "10.0.0.3/32",
},
},
},
VcenterNetwork = "test-vcenter-network",
},
ControlPlaneNode = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterControlPlaneNodeArgs
{
Cpus = 4,
Memory = 8192,
Replicas = 3,
},
LoadBalancer = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerArgs
{
VipConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerVipConfigArgs
{
ControlPlaneVip = "10.251.133.5",
AddonsVip = "10.251.135.19",
},
ManualLbConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerManualLbConfigArgs
{
AddonsNodePort = 30005,
ControlPlaneNodePort = 30006,
IngressHttpNodePort = 30007,
IngressHttpsNodePort = 30008,
KonnectivityServerNodePort = 30009,
},
},
AddonNode = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterAddonNodeArgs
{
AutoResizeConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterAddonNodeAutoResizeConfigArgs
{
Enabled = true,
},
},
AntiAffinityGroups = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterAntiAffinityGroupsArgs
{
AagConfigDisabled = true,
},
Authorization = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterAuthorizationArgs
{
ViewerUsers = new[]
{
new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterAuthorizationViewerUserArgs
{
Username = "user1@gmail.com",
},
},
},
AutoRepairConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterAutoRepairConfigArgs
{
Enabled = true,
},
PlatformConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterPlatformConfigArgs
{
RequiredPlatformVersion = "1.31.0",
},
PrivateRegistryConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterPrivateRegistryConfigArgs
{
Address = "test-address",
CaCert = "test-ca-cert",
},
Proxy = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterProxyArgs
{
Url = "http://my-proxy.example.local:80",
NoProxy = "10.151.222.0/24,my-host.example.local,10.151.2.1",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkeonprem.VmwareAdminCluster;
import com.pulumi.gcp.gkeonprem.VmwareAdminClusterArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterVcenterArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigHaControlPlaneConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigHostConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigStaticIpConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterControlPlaneNodeArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerVipConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerManualLbConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterAddonNodeArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterAddonNodeAutoResizeConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterAntiAffinityGroupsArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterAuthorizationArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterAutoRepairConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterPlatformConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterPrivateRegistryConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var admin_cluster_full = new VmwareAdminCluster("admin-cluster-full", VmwareAdminClusterArgs.builder()
.name("full")
.location("us-west1")
.description("test admin cluster")
.bootstrapClusterMembership("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test")
.onPremVersion("1.31.0-gke.35")
.imageType("ubuntu_containerd")
.annotations(Map.ofEntries(
))
.vcenter(VmwareAdminClusterVcenterArgs.builder()
.resourcePool("test resource pool")
.datastore("test data store")
.datacenter("test data center")
.cluster("test cluster")
.folder("test folder")
.caCertData("test ca cert data")
.address("10.0.0.1")
.dataDisk("test data disk")
.storagePolicyName("storage_policy_name")
.build())
.networkConfig(VmwareAdminClusterNetworkConfigArgs.builder()
.serviceAddressCidrBlocks("10.96.0.0/12")
.podAddressCidrBlocks("192.168.0.0/16")
.haControlPlaneConfig(VmwareAdminClusterNetworkConfigHaControlPlaneConfigArgs.builder()
.controlPlaneIpBlock(VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockArgs.builder()
.gateway("10.0.0.3")
.ips(VmwareAdminClusterNetworkConfigHaControlPlaneConfigControlPlaneIpBlockIpArgs.builder()
.hostname("hostname")
.ip("10.0.0.4")
.build())
.netmask("10.0.0.3/32")
.build())
.build())
.hostConfig(VmwareAdminClusterNetworkConfigHostConfigArgs.builder()
.dnsServers("10.254.41.1")
.ntpServers("216.239.35.8")
.dnsSearchDomains("test-domain")
.build())
.staticIpConfig(VmwareAdminClusterNetworkConfigStaticIpConfigArgs.builder()
.ipBlocks(VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockArgs.builder()
.gateway("10.0.0.1")
.ips(VmwareAdminClusterNetworkConfigStaticIpConfigIpBlockIpArgs.builder()
.hostname("hostname")
.ip("10.0.0.2")
.build())
.netmask("10.0.0.3/32")
.build())
.build())
.vcenterNetwork("test-vcenter-network")
.build())
.controlPlaneNode(VmwareAdminClusterControlPlaneNodeArgs.builder()
.cpus(4)
.memory(8192)
.replicas(3)
.build())
.loadBalancer(VmwareAdminClusterLoadBalancerArgs.builder()
.vipConfig(VmwareAdminClusterLoadBalancerVipConfigArgs.builder()
.controlPlaneVip("10.251.133.5")
.addonsVip("10.251.135.19")
.build())
.manualLbConfig(VmwareAdminClusterLoadBalancerManualLbConfigArgs.builder()
.addonsNodePort(30005)
.controlPlaneNodePort(30006)
.ingressHttpNodePort(30007)
.ingressHttpsNodePort(30008)
.konnectivityServerNodePort(30009)
.build())
.build())
.addonNode(VmwareAdminClusterAddonNodeArgs.builder()
.autoResizeConfig(VmwareAdminClusterAddonNodeAutoResizeConfigArgs.builder()
.enabled(true)
.build())
.build())
.antiAffinityGroups(VmwareAdminClusterAntiAffinityGroupsArgs.builder()
.aagConfigDisabled(true)
.build())
.authorization(VmwareAdminClusterAuthorizationArgs.builder()
.viewerUsers(VmwareAdminClusterAuthorizationViewerUserArgs.builder()
.username("user1@gmail.com")
.build())
.build())
.autoRepairConfig(VmwareAdminClusterAutoRepairConfigArgs.builder()
.enabled(true)
.build())
.platformConfig(VmwareAdminClusterPlatformConfigArgs.builder()
.requiredPlatformVersion("1.31.0")
.build())
.privateRegistryConfig(VmwareAdminClusterPrivateRegistryConfigArgs.builder()
.address("test-address")
.caCert("test-ca-cert")
.build())
.proxy(VmwareAdminClusterProxyArgs.builder()
.url("http://my-proxy.example.local:80")
.noProxy("10.151.222.0/24,my-host.example.local,10.151.2.1")
.build())
.build());
}
}
resources:
admin-cluster-full:
type: gcp:gkeonprem:VmwareAdminCluster
properties:
name: full
location: us-west1
description: test admin cluster
bootstrapClusterMembership: projects/870316890899/locations/global/memberships/gkeonprem-terraform-test
onPremVersion: 1.31.0-gke.35
imageType: ubuntu_containerd
annotations: {}
vcenter:
resourcePool: test resource pool
datastore: test data store
datacenter: test data center
cluster: test cluster
folder: test folder
caCertData: test ca cert data
address: 10.0.0.1
dataDisk: test data disk
storagePolicyName: storage_policy_name
networkConfig:
serviceAddressCidrBlocks:
- 10.96.0.0/12
podAddressCidrBlocks:
- 192.168.0.0/16
haControlPlaneConfig:
controlPlaneIpBlock:
gateway: 10.0.0.3
ips:
- hostname: hostname
ip: 10.0.0.4
netmask: 10.0.0.3/32
hostConfig:
dnsServers:
- 10.254.41.1
ntpServers:
- 216.239.35.8
dnsSearchDomains:
- test-domain
staticIpConfig:
ipBlocks:
- gateway: 10.0.0.1
ips:
- hostname: hostname
ip: 10.0.0.2
netmask: 10.0.0.3/32
vcenterNetwork: test-vcenter-network
controlPlaneNode:
cpus: 4
memory: 8192
replicas: 3
loadBalancer:
vipConfig:
controlPlaneVip: 10.251.133.5
addonsVip: 10.251.135.19
manualLbConfig:
addonsNodePort: 30005
controlPlaneNodePort: 30006
ingressHttpNodePort: 30007
ingressHttpsNodePort: 30008
konnectivityServerNodePort: 30009
addonNode:
autoResizeConfig:
enabled: true
antiAffinityGroups:
aagConfigDisabled: true
authorization:
viewerUsers:
- username: user1@gmail.com
autoRepairConfig:
enabled: true
platformConfig:
requiredPlatformVersion: 1.31.0
privateRegistryConfig:
address: test-address
caCert: test-ca-cert
proxy:
url: http://my-proxy.example.local:80
noProxy: 10.151.222.0/24,my-host.example.local,10.151.2.1
The haControlPlaneConfig defines a control plane IP block with gateway, IPs, and netmask for HA nodes. The staticIpConfig replaces DHCP with pre-allocated IP blocks for cluster nodes. The manualLbConfig specifies NodePort values for each service instead of relying on F5 or MetalLB. The hostConfig provides DNS and NTP servers for time synchronization. The authorization block grants viewer access to specific users, while autoRepairConfig enables automatic node repair. The addonNode and antiAffinityGroups blocks control add-on node scaling and physical host distribution.
Enable MetalLB for software-based load balancing
Environments without hardware load balancers can use MetalLB, a software load balancer that runs within the cluster and allocates IPs from a configured pool.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const admin_cluster_metallb = new gcp.gkeonprem.VmwareAdminCluster("admin-cluster-metallb", {
name: "metallb",
location: "us-west1",
description: "test admin cluster",
bootstrapClusterMembership: "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
onPremVersion: "1.33.0-gke.35",
imageType: "ubuntu_containerd",
enableAdvancedCluster: true,
vcenter: {
resourcePool: "test resource pool",
datastore: "test data store",
datacenter: "test data center",
cluster: "test cluster",
folder: "test folder",
caCertData: "test ca cert data",
address: "10.0.0.1",
dataDisk: "test data disk",
},
networkConfig: {
serviceAddressCidrBlocks: ["10.96.0.0/12"],
podAddressCidrBlocks: ["192.168.0.0/16"],
dhcpIpConfig: {
enabled: true,
},
},
controlPlaneNode: {
cpus: 4,
memory: 8192,
},
loadBalancer: {
vipConfig: {
controlPlaneVip: "10.251.133.5",
addonsVip: "10.251.135.19",
},
metalLbConfig: {
enabled: true,
},
},
privateRegistryConfig: {
address: "test-address",
caCert: "test-ca-cert",
},
proxy: {
url: "http://my-proxy.example.local:80",
noProxy: "10.151.222.0/24,my-host.example.local,10.151.2.1",
},
});
import pulumi
import pulumi_gcp as gcp
admin_cluster_metallb = gcp.gkeonprem.VmwareAdminCluster("admin-cluster-metallb",
name="metallb",
location="us-west1",
description="test admin cluster",
bootstrap_cluster_membership="projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
on_prem_version="1.33.0-gke.35",
image_type="ubuntu_containerd",
enable_advanced_cluster=True,
vcenter={
"resource_pool": "test resource pool",
"datastore": "test data store",
"datacenter": "test data center",
"cluster": "test cluster",
"folder": "test folder",
"ca_cert_data": "test ca cert data",
"address": "10.0.0.1",
"data_disk": "test data disk",
},
network_config={
"service_address_cidr_blocks": ["10.96.0.0/12"],
"pod_address_cidr_blocks": ["192.168.0.0/16"],
"dhcp_ip_config": {
"enabled": True,
},
},
control_plane_node={
"cpus": 4,
"memory": 8192,
},
load_balancer={
"vip_config": {
"control_plane_vip": "10.251.133.5",
"addons_vip": "10.251.135.19",
},
"metal_lb_config": {
"enabled": True,
},
},
private_registry_config={
"address": "test-address",
"ca_cert": "test-ca-cert",
},
proxy={
"url": "http://my-proxy.example.local:80",
"no_proxy": "10.151.222.0/24,my-host.example.local,10.151.2.1",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/gkeonprem"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gkeonprem.NewVmwareAdminCluster(ctx, "admin-cluster-metallb", &gkeonprem.VmwareAdminClusterArgs{
Name: pulumi.String("metallb"),
Location: pulumi.String("us-west1"),
Description: pulumi.String("test admin cluster"),
BootstrapClusterMembership: pulumi.String("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test"),
OnPremVersion: pulumi.String("1.33.0-gke.35"),
ImageType: pulumi.String("ubuntu_containerd"),
EnableAdvancedCluster: pulumi.Bool(true),
Vcenter: &gkeonprem.VmwareAdminClusterVcenterArgs{
ResourcePool: pulumi.String("test resource pool"),
Datastore: pulumi.String("test data store"),
Datacenter: pulumi.String("test data center"),
Cluster: pulumi.String("test cluster"),
Folder: pulumi.String("test folder"),
CaCertData: pulumi.String("test ca cert data"),
Address: pulumi.String("10.0.0.1"),
DataDisk: pulumi.String("test data disk"),
},
NetworkConfig: &gkeonprem.VmwareAdminClusterNetworkConfigArgs{
ServiceAddressCidrBlocks: pulumi.StringArray{
pulumi.String("10.96.0.0/12"),
},
PodAddressCidrBlocks: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
},
DhcpIpConfig: &gkeonprem.VmwareAdminClusterNetworkConfigDhcpIpConfigArgs{
Enabled: pulumi.Bool(true),
},
},
ControlPlaneNode: &gkeonprem.VmwareAdminClusterControlPlaneNodeArgs{
Cpus: pulumi.Int(4),
Memory: pulumi.Int(8192),
},
LoadBalancer: &gkeonprem.VmwareAdminClusterLoadBalancerArgs{
VipConfig: &gkeonprem.VmwareAdminClusterLoadBalancerVipConfigArgs{
ControlPlaneVip: pulumi.String("10.251.133.5"),
AddonsVip: pulumi.String("10.251.135.19"),
},
MetalLbConfig: &gkeonprem.VmwareAdminClusterLoadBalancerMetalLbConfigArgs{
Enabled: pulumi.Bool(true),
},
},
PrivateRegistryConfig: &gkeonprem.VmwareAdminClusterPrivateRegistryConfigArgs{
Address: pulumi.String("test-address"),
CaCert: pulumi.String("test-ca-cert"),
},
Proxy: &gkeonprem.VmwareAdminClusterProxyArgs{
Url: pulumi.String("http://my-proxy.example.local:80"),
NoProxy: pulumi.String("10.151.222.0/24,my-host.example.local,10.151.2.1"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var admin_cluster_metallb = new Gcp.GkeOnPrem.VmwareAdminCluster("admin-cluster-metallb", new()
{
Name = "metallb",
Location = "us-west1",
Description = "test admin cluster",
BootstrapClusterMembership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test",
OnPremVersion = "1.33.0-gke.35",
ImageType = "ubuntu_containerd",
EnableAdvancedCluster = true,
Vcenter = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterVcenterArgs
{
ResourcePool = "test resource pool",
Datastore = "test data store",
Datacenter = "test data center",
Cluster = "test cluster",
Folder = "test folder",
CaCertData = "test ca cert data",
Address = "10.0.0.1",
DataDisk = "test data disk",
},
NetworkConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigArgs
{
ServiceAddressCidrBlocks = new[]
{
"10.96.0.0/12",
},
PodAddressCidrBlocks = new[]
{
"192.168.0.0/16",
},
DhcpIpConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterNetworkConfigDhcpIpConfigArgs
{
Enabled = true,
},
},
ControlPlaneNode = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterControlPlaneNodeArgs
{
Cpus = 4,
Memory = 8192,
},
LoadBalancer = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerArgs
{
VipConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerVipConfigArgs
{
ControlPlaneVip = "10.251.133.5",
AddonsVip = "10.251.135.19",
},
MetalLbConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterLoadBalancerMetalLbConfigArgs
{
Enabled = true,
},
},
PrivateRegistryConfig = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterPrivateRegistryConfigArgs
{
Address = "test-address",
CaCert = "test-ca-cert",
},
Proxy = new Gcp.GkeOnPrem.Inputs.VmwareAdminClusterProxyArgs
{
Url = "http://my-proxy.example.local:80",
NoProxy = "10.151.222.0/24,my-host.example.local,10.151.2.1",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.gkeonprem.VmwareAdminCluster;
import com.pulumi.gcp.gkeonprem.VmwareAdminClusterArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterVcenterArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterNetworkConfigDhcpIpConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterControlPlaneNodeArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerVipConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterLoadBalancerMetalLbConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterPrivateRegistryConfigArgs;
import com.pulumi.gcp.gkeonprem.inputs.VmwareAdminClusterProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var admin_cluster_metallb = new VmwareAdminCluster("admin-cluster-metallb", VmwareAdminClusterArgs.builder()
.name("metallb")
.location("us-west1")
.description("test admin cluster")
.bootstrapClusterMembership("projects/870316890899/locations/global/memberships/gkeonprem-terraform-test")
.onPremVersion("1.33.0-gke.35")
.imageType("ubuntu_containerd")
.enableAdvancedCluster(true)
.vcenter(VmwareAdminClusterVcenterArgs.builder()
.resourcePool("test resource pool")
.datastore("test data store")
.datacenter("test data center")
.cluster("test cluster")
.folder("test folder")
.caCertData("test ca cert data")
.address("10.0.0.1")
.dataDisk("test data disk")
.build())
.networkConfig(VmwareAdminClusterNetworkConfigArgs.builder()
.serviceAddressCidrBlocks("10.96.0.0/12")
.podAddressCidrBlocks("192.168.0.0/16")
.dhcpIpConfig(VmwareAdminClusterNetworkConfigDhcpIpConfigArgs.builder()
.enabled(true)
.build())
.build())
.controlPlaneNode(VmwareAdminClusterControlPlaneNodeArgs.builder()
.cpus(4)
.memory(8192)
.build())
.loadBalancer(VmwareAdminClusterLoadBalancerArgs.builder()
.vipConfig(VmwareAdminClusterLoadBalancerVipConfigArgs.builder()
.controlPlaneVip("10.251.133.5")
.addonsVip("10.251.135.19")
.build())
.metalLbConfig(VmwareAdminClusterLoadBalancerMetalLbConfigArgs.builder()
.enabled(true)
.build())
.build())
.privateRegistryConfig(VmwareAdminClusterPrivateRegistryConfigArgs.builder()
.address("test-address")
.caCert("test-ca-cert")
.build())
.proxy(VmwareAdminClusterProxyArgs.builder()
.url("http://my-proxy.example.local:80")
.noProxy("10.151.222.0/24,my-host.example.local,10.151.2.1")
.build())
.build());
}
}
resources:
admin-cluster-metallb:
type: gcp:gkeonprem:VmwareAdminCluster
properties:
name: metallb
location: us-west1
description: test admin cluster
bootstrapClusterMembership: projects/870316890899/locations/global/memberships/gkeonprem-terraform-test
onPremVersion: 1.33.0-gke.35
imageType: ubuntu_containerd
enableAdvancedCluster: true
vcenter:
resourcePool: test resource pool
datastore: test data store
datacenter: test data center
cluster: test cluster
folder: test folder
caCertData: test ca cert data
address: 10.0.0.1
dataDisk: test data disk
networkConfig:
serviceAddressCidrBlocks:
- 10.96.0.0/12
podAddressCidrBlocks:
- 192.168.0.0/16
dhcpIpConfig:
enabled: true
controlPlaneNode:
cpus: 4
memory: 8192
loadBalancer:
vipConfig:
controlPlaneVip: 10.251.133.5
addonsVip: 10.251.135.19
metalLbConfig:
enabled: true
privateRegistryConfig:
address: test-address
caCert: test-ca-cert
proxy:
url: http://my-proxy.example.local:80
noProxy: 10.151.222.0/24,my-host.example.local,10.151.2.1
The metalLbConfig enables MetalLB instead of F5 or manual configuration. The enableAdvancedCluster flag activates advanced cluster features required for MetalLB. The proxy block configures HTTP proxy settings with noProxy exceptions for internal networks. MetalLB eliminates the need for external load balancer hardware but requires IP pool configuration (not shown in this example).
Beyond these examples
These snippets focus on specific admin cluster features: load balancer integration (F5, MetalLB, manual), network configuration (DHCP, static IPs, HA control plane), and vCenter connectivity and storage. They’re intentionally minimal rather than full cluster deployments.
The examples reference pre-existing infrastructure such as bootstrap cluster membership, vCenter resources (resource pools, datastores, datacenters, clusters, folders), load balancers (F5) or proxy servers, and DNS and NTP servers for static IP configurations. They focus on configuring the admin cluster rather than provisioning the surrounding infrastructure.
To keep things focused, common admin cluster patterns are omitted, including:
- Private registry authentication details (privateRegistryConfig shows structure only)
- Platform version constraints and upgrade policies
- Add-on node auto-scaling thresholds and limits
- Anti-affinity group configuration details
- RBAC viewer/admin user management beyond basic authorization
- Auto-repair configuration timing and policies
These omissions are intentional: the goal is to illustrate how each admin cluster feature is wired, not provide drop-in production modules. See the VmwareAdminCluster resource reference for all available configuration options.
Let's deploy GCP VMware Admin Clusters
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Immutability
What properties can't I change after creating the cluster?
The
location, name, and project properties are immutable and cannot be changed after cluster creation. Modifying these values will force resource recreation.What is the bootstrap cluster membership?
The
bootstrapClusterMembership is a required property that specifies the bootstrap cluster this admin cluster belongs to. Use the format projects/{project}/locations/global/memberships/{membership}.Networking & IP Configuration
Should I use DHCP or static IP configuration?
Configure
networkConfig.dhcpIpConfig with enabled: true for DHCP, or use networkConfig.staticIpConfig with ipBlocks for static IP assignment. Choose based on your network infrastructure.How do I configure high availability for the control plane?
Set
controlPlaneNode.replicas to 3 and configure networkConfig.haControlPlaneConfig with a controlPlaneIpBlock containing gateway, IPs, and netmask.What CIDR blocks do I need to configure?
Configure
networkConfig.serviceAddressCidrBlocks (e.g., 10.96.0.0/12) for Kubernetes services and networkConfig.podAddressCidrBlocks (e.g., 192.168.0.0/16) for pod networking.Load Balancing
What load balancer options are available?
You can configure three types of load balancers:
- F5 - Use
f5Configwith address, partition, and snatPool - Manual - Use
manualLbConfigwith node port assignments - MetalLB - Use
metalLbConfigwithenabled: true(requiresenableAdvancedCluster: true)
All options require vipConfig with controlPlaneVip and addonsVip.
Advanced Features
When should I enable advanced cluster features?
Set
enableAdvancedCluster to true when using MetalLB load balancing or other advanced cluster capabilities. This is required for the MetalLB configuration.How do I configure the control plane node resources?
Set
controlPlaneNode.cpus and controlPlaneNode.memory (in MB) to specify resource allocation. Examples show 4 CPUs and 8192 MB (8 GB) memory. Optionally set replicas for HA (default is 1, HA uses 3).Annotations & Metadata
Why aren't all my annotations showing up in the annotations field?
The
annotations field is non-authoritative and only manages annotations present in your configuration. To view all annotations on the resource (including those set by other clients or services), use the effectiveAnnotations output property.Using a different cloud?
Explore containers guides for other cloud providers: