The gcp:workstations/workstationConfig:WorkstationConfig resource, part of the Pulumi GCP provider, defines the runtime environment for Cloud Workstations: compute resources, container images, storage, and network access controls. This guide focuses on four capabilities: compute instance configuration and timeouts, container images and persistent storage, GPU acceleration and performance boost profiles, and encryption and network access controls.
Workstation configs belong to a WorkstationCluster, which provides the VPC network and subnet. Some configurations reference KMS keys, service accounts, or compute snapshots. The examples are intentionally small. Combine them with your own cluster infrastructure and security policies.
Configure compute resources and timeout behavior
Most deployments start by defining the underlying compute instance, setting timeouts to control costs, and specifying replica zones for availability.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const tagKey1 = new gcp.tags.TagKey("tag_key1", {
parent: "organizations/123456789",
shortName: "keyname",
});
const tagValue1 = new gcp.tags.TagValue("tag_value1", {
parent: tagKey1.id,
shortName: "valuename",
});
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
idleTimeout: "600s",
runningTimeout: "21600s",
replicaZones: [
"us-central1-a",
"us-central1-b",
],
annotations: {
"label-one": "value-one",
},
labels: {
label: "key",
},
maxUsableWorkstations: 1,
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
disableSsh: false,
vmTags: pulumi.all([tagKey1.id, tagValue1.id]).apply(([tagKey1Id, tagValue1Id]) => {
[tagKey1Id]: tagValue1Id,
}),
},
},
});
import pulumi
import pulumi_gcp as gcp
tag_key1 = gcp.tags.TagKey("tag_key1",
parent="organizations/123456789",
short_name="keyname")
tag_value1 = gcp.tags.TagValue("tag_value1",
parent=tag_key1.id,
short_name="valuename")
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
idle_timeout="600s",
running_timeout="21600s",
replica_zones=[
"us-central1-a",
"us-central1-b",
],
annotations={
"label-one": "value-one",
},
labels={
"label": "key",
},
max_usable_workstations=1,
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"disable_ssh": False,
"vm_tags": pulumi.Output.all(
tagKey1Id=tag_key1.id,
tagValue1Id=tag_value1.id
).apply(lambda resolved_outputs: {
resolved_outputs['tagKey1Id']: resolved_outputs['tagValue1Id'],
})
,
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/tags"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tagKey1, err := tags.NewTagKey(ctx, "tag_key1", &tags.TagKeyArgs{
Parent: pulumi.String("organizations/123456789"),
ShortName: pulumi.String("keyname"),
})
if err != nil {
return err
}
tagValue1, err := tags.NewTagValue(ctx, "tag_value1", &tags.TagValueArgs{
Parent: tagKey1.ID(),
ShortName: pulumi.String("valuename"),
})
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
IdleTimeout: pulumi.String("600s"),
RunningTimeout: pulumi.String("21600s"),
ReplicaZones: pulumi.StringArray{
pulumi.String("us-central1-a"),
pulumi.String("us-central1-b"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
MaxUsableWorkstations: pulumi.Int(1),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
DisableSsh: pulumi.Bool(false),
VmTags: pulumi.All(tagKey1.ID(),tagValue1.ID()).ApplyT(func(_args []interface{}) (map[string]string, error) {
tagKey1Id := _args[0].(string)
tagValue1Id := _args[1].(string)
return map[string]string{
tagKey1Id: tagValue1Id,
}, nil
}).(pulumi.Map[string]stringOutput),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var tagKey1 = new Gcp.Tags.TagKey("tag_key1", new()
{
Parent = "organizations/123456789",
ShortName = "keyname",
});
var tagValue1 = new Gcp.Tags.TagValue("tag_value1", new()
{
Parent = tagKey1.Id,
ShortName = "valuename",
});
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
IdleTimeout = "600s",
RunningTimeout = "21600s",
ReplicaZones = new[]
{
"us-central1-a",
"us-central1-b",
},
Annotations =
{
{ "label-one", "value-one" },
},
Labels =
{
{ "label", "key" },
},
MaxUsableWorkstations = 1,
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
DisableSsh = false,
VmTags = Output.Tuple(tagKey1.Id, tagValue1.Id).Apply(values =>
{
var tagKey1Id = values.Item1;
var tagValue1Id = values.Item2;
return
{
{ tagKey1Id, tagValue1Id },
};
}),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.tags.TagKey;
import com.pulumi.gcp.tags.TagKeyArgs;
import com.pulumi.gcp.tags.TagValue;
import com.pulumi.gcp.tags.TagValueArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var tagKey1 = new TagKey("tagKey1", TagKeyArgs.builder()
.parent("organizations/123456789")
.shortName("keyname")
.build());
var tagValue1 = new TagValue("tagValue1", TagValueArgs.builder()
.parent(tagKey1.id())
.shortName("valuename")
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.idleTimeout("600s")
.runningTimeout("21600s")
.replicaZones(
"us-central1-a",
"us-central1-b")
.annotations(Map.of("label-one", "value-one"))
.labels(Map.of("label", "key"))
.maxUsableWorkstations(1)
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.disableSsh(false)
.vmTags(Output.tuple(tagKey1.id(), tagValue1.id()).applyValue(values -> {
var tagKey1Id = values.t1;
var tagValue1Id = values.t2;
return Map.of(tagKey1Id, tagValue1Id);
}))
.build())
.build())
.build());
}
}
resources:
tagKey1:
type: gcp:tags:TagKey
name: tag_key1
properties:
parent: organizations/123456789
shortName: keyname
tagValue1:
type: gcp:tags:TagValue
name: tag_value1
properties:
parent: ${tagKey1.id}
shortName: valuename
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
idleTimeout: 600s
runningTimeout: 21600s
replicaZones:
- us-central1-a
- us-central1-b
annotations:
label-one: value-one
labels:
label: key
maxUsableWorkstations: 1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
disableSsh: false
vmTags:
${tagKey1.id}: ${tagValue1.id}
The machineType and bootDiskSizeGb properties define the instance size. The idleTimeout stops workstations after inactivity (here, 600 seconds), while runningTimeout enforces a maximum session duration (21600 seconds, or 6 hours). The replicaZones array specifies two zones for VM and disk replication within the region.
Specify container image and environment variables
Development teams often run specific IDE containers with custom environment configuration.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "n1-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
enableNestedVirtualization: true,
},
},
container: {
image: "intellij",
env: {
NAME: "FOO",
BABE: "bar",
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "n1-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"enable_nested_virtualization": True,
},
},
container={
"image": "intellij",
"env": {
"NAME": "FOO",
"BABE": "bar",
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("n1-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
EnableNestedVirtualization: pulumi.Bool(true),
},
},
Container: &workstations.WorkstationConfigContainerArgs{
Image: pulumi.String("intellij"),
Env: pulumi.StringMap{
"NAME": pulumi.String("FOO"),
"BABE": pulumi.String("bar"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "n1-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
EnableNestedVirtualization = true,
},
},
Container = new Gcp.Workstations.Inputs.WorkstationConfigContainerArgs
{
Image = "intellij",
Env =
{
{ "NAME", "FOO" },
{ "BABE", "bar" },
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigContainerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("n1-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.enableNestedVirtualization(true)
.build())
.build())
.container(WorkstationConfigContainerArgs.builder()
.image("intellij")
.env(Map.ofEntries(
Map.entry("NAME", "FOO"),
Map.entry("BABE", "bar")
))
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: n1-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
enableNestedVirtualization: true
container:
image: intellij
env:
NAME: FOO
BABE: bar
The container block defines the image to run (here, “intellij”) and passes environment variables via the env map. Without a container block, workstations use a default image. The enableNestedVirtualization property allows running VMs inside the workstation.
Attach persistent storage for user data
Workstations need persistent storage to preserve files and configuration across sessions.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
shieldedInstanceConfig: {
enableSecureBoot: true,
enableVtpm: true,
},
},
},
persistentDirectories: [{
mountPath: "/home",
gcePd: {
sizeGb: 200,
fsType: "ext4",
diskType: "pd-standard",
reclaimPolicy: "DELETE",
},
}],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"shielded_instance_config": {
"enable_secure_boot": True,
"enable_vtpm": True,
},
},
},
persistent_directories=[{
"mount_path": "/home",
"gce_pd": {
"size_gb": 200,
"fs_type": "ext4",
"disk_type": "pd-standard",
"reclaim_policy": "DELETE",
},
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
ShieldedInstanceConfig: &workstations.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs{
EnableSecureBoot: pulumi.Bool(true),
EnableVtpm: pulumi.Bool(true),
},
},
},
PersistentDirectories: workstations.WorkstationConfigPersistentDirectoryArray{
&workstations.WorkstationConfigPersistentDirectoryArgs{
MountPath: pulumi.String("/home"),
GcePd: &workstations.WorkstationConfigPersistentDirectoryGcePdArgs{
SizeGb: pulumi.Int(200),
FsType: pulumi.String("ext4"),
DiskType: pulumi.String("pd-standard"),
ReclaimPolicy: pulumi.String("DELETE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
ShieldedInstanceConfig = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs
{
EnableSecureBoot = true,
EnableVtpm = true,
},
},
},
PersistentDirectories = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryArgs
{
MountPath = "/home",
GcePd = new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryGcePdArgs
{
SizeGb = 200,
FsType = "ext4",
DiskType = "pd-standard",
ReclaimPolicy = "DELETE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryGcePdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.shieldedInstanceConfig(WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs.builder()
.enableSecureBoot(true)
.enableVtpm(true)
.build())
.build())
.build())
.persistentDirectories(WorkstationConfigPersistentDirectoryArgs.builder()
.mountPath("/home")
.gcePd(WorkstationConfigPersistentDirectoryGcePdArgs.builder()
.sizeGb(200)
.fsType("ext4")
.diskType("pd-standard")
.reclaimPolicy("DELETE")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
shieldedInstanceConfig:
enableSecureBoot: true
enableVtpm: true
persistentDirectories:
- mountPath: /home
gcePd:
sizeGb: 200
fsType: ext4
diskType: pd-standard
reclaimPolicy: DELETE
The persistentDirectories array defines storage mounts. Each entry specifies a mountPath (typically /home) and a gcePd block that configures the persistent disk: size, filesystem type, disk type, and reclaim policy. When reclaimPolicy is “DELETE”, the disk is removed when the workstation config is deleted.
Initialize persistent storage from a snapshot
Teams can pre-populate workstation storage by creating persistent disks from existing snapshots.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const mySourceDisk = new gcp.compute.Disk("my_source_disk", {
name: "workstation-config",
size: 10,
type: "pd-ssd",
zone: "us-central1-a",
});
const mySourceSnapshot = new gcp.compute.Snapshot("my_source_snapshot", {
name: "workstation-config",
sourceDisk: mySourceDisk.name,
zone: "us-central1-a",
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: defaultWorkstationCluster.location,
persistentDirectories: [{
mountPath: "/home",
gcePd: {
sourceSnapshot: mySourceSnapshot.id,
reclaimPolicy: "DELETE",
},
}],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
my_source_disk = gcp.compute.Disk("my_source_disk",
name="workstation-config",
size=10,
type="pd-ssd",
zone="us-central1-a")
my_source_snapshot = gcp.compute.Snapshot("my_source_snapshot",
name="workstation-config",
source_disk=my_source_disk.name,
zone="us-central1-a")
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1")
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location=default_workstation_cluster.location,
persistent_directories=[{
"mount_path": "/home",
"gce_pd": {
"source_snapshot": my_source_snapshot.id,
"reclaim_policy": "DELETE",
},
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
mySourceDisk, err := compute.NewDisk(ctx, "my_source_disk", &compute.DiskArgs{
Name: pulumi.String("workstation-config"),
Size: pulumi.Int(10),
Type: pulumi.String("pd-ssd"),
Zone: pulumi.String("us-central1-a"),
})
if err != nil {
return err
}
mySourceSnapshot, err := compute.NewSnapshot(ctx, "my_source_snapshot", &compute.SnapshotArgs{
Name: pulumi.String("workstation-config"),
SourceDisk: mySourceDisk.Name,
Zone: pulumi.String("us-central1-a"),
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: defaultWorkstationCluster.Location,
PersistentDirectories: workstations.WorkstationConfigPersistentDirectoryArray{
&workstations.WorkstationConfigPersistentDirectoryArgs{
MountPath: pulumi.String("/home"),
GcePd: &workstations.WorkstationConfigPersistentDirectoryGcePdArgs{
SourceSnapshot: mySourceSnapshot.ID(),
ReclaimPolicy: pulumi.String("DELETE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var mySourceDisk = new Gcp.Compute.Disk("my_source_disk", new()
{
Name = "workstation-config",
Size = 10,
Type = "pd-ssd",
Zone = "us-central1-a",
});
var mySourceSnapshot = new Gcp.Compute.Snapshot("my_source_snapshot", new()
{
Name = "workstation-config",
SourceDisk = mySourceDisk.Name,
Zone = "us-central1-a",
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = defaultWorkstationCluster.Location,
PersistentDirectories = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryArgs
{
MountPath = "/home",
GcePd = new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryGcePdArgs
{
SourceSnapshot = mySourceSnapshot.Id,
ReclaimPolicy = "DELETE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Disk;
import com.pulumi.gcp.compute.DiskArgs;
import com.pulumi.gcp.compute.Snapshot;
import com.pulumi.gcp.compute.SnapshotArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryGcePdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var mySourceDisk = new Disk("mySourceDisk", DiskArgs.builder()
.name("workstation-config")
.size(10)
.type("pd-ssd")
.zone("us-central1-a")
.build());
var mySourceSnapshot = new Snapshot("mySourceSnapshot", SnapshotArgs.builder()
.name("workstation-config")
.sourceDisk(mySourceDisk.name())
.zone("us-central1-a")
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location(defaultWorkstationCluster.location())
.persistentDirectories(WorkstationConfigPersistentDirectoryArgs.builder()
.mountPath("/home")
.gcePd(WorkstationConfigPersistentDirectoryGcePdArgs.builder()
.sourceSnapshot(mySourceSnapshot.id())
.reclaimPolicy("DELETE")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
mySourceDisk:
type: gcp:compute:Disk
name: my_source_disk
properties:
name: workstation-config
size: 10
type: pd-ssd
zone: us-central1-a
mySourceSnapshot:
type: gcp:compute:Snapshot
name: my_source_snapshot
properties:
name: workstation-config
sourceDisk: ${mySourceDisk.name}
zone: us-central1-a
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: ${defaultWorkstationCluster.location}
persistentDirectories:
- mountPath: /home
gcePd:
sourceSnapshot: ${mySourceSnapshot.id}
reclaimPolicy: DELETE
Instead of specifying sizeGb, the gcePd block references a sourceSnapshot. The disk inherits the snapshot’s size and contents, allowing you to clone pre-configured environments. This speeds up provisioning when multiple workstations need identical tooling.
Attach GPUs for compute-intensive workloads
Machine learning and graphics workloads require GPU acceleration.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "n1-standard-2",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
accelerators: [{
type: "nvidia-tesla-t4",
count: 1,
}],
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "n1-standard-2",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"accelerators": [{
"type": "nvidia-tesla-t4",
"count": 1,
}],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("n1-standard-2"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
Accelerators: workstations.WorkstationConfigHostGceInstanceAcceleratorArray{
&workstations.WorkstationConfigHostGceInstanceAcceleratorArgs{
Type: pulumi.String("nvidia-tesla-t4"),
Count: pulumi.Int(1),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "n1-standard-2",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
Accelerators = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceAcceleratorArgs
{
Type = "nvidia-tesla-t4",
Count = 1,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("n1-standard-2")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.accelerators(WorkstationConfigHostGceInstanceAcceleratorArgs.builder()
.type("nvidia-tesla-t4")
.count(1)
.build())
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: n1-standard-2
bootDiskSizeGb: 35
disablePublicIpAddresses: true
accelerators:
- type: nvidia-tesla-t4
count: '1'
The accelerators array within gceInstance specifies GPU type and count. Here, one nvidia-tesla-t4 GPU is attached. GPU availability depends on the region and machine type; not all combinations are supported.
Define temporary performance boost configurations
Developers can temporarily scale up resources for intensive tasks without permanently increasing baseline costs.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
boostConfigs: [
{
id: "boost-1",
machineType: "n1-standard-2",
accelerators: [{
type: "nvidia-tesla-t4",
count: 1,
}],
},
{
id: "boost-2",
machineType: "n1-standard-2",
poolSize: 2,
bootDiskSizeGb: 30,
enableNestedVirtualization: true,
},
],
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"boost_configs": [
{
"id": "boost-1",
"machine_type": "n1-standard-2",
"accelerators": [{
"type": "nvidia-tesla-t4",
"count": 1,
}],
},
{
"id": "boost-2",
"machine_type": "n1-standard-2",
"pool_size": 2,
"boot_disk_size_gb": 30,
"enable_nested_virtualization": True,
},
],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
BoostConfigs: workstations.WorkstationConfigHostGceInstanceBoostConfigArray{
&workstations.WorkstationConfigHostGceInstanceBoostConfigArgs{
Id: pulumi.String("boost-1"),
MachineType: pulumi.String("n1-standard-2"),
Accelerators: workstations.WorkstationConfigHostGceInstanceBoostConfigAcceleratorArray{
&workstations.WorkstationConfigHostGceInstanceBoostConfigAcceleratorArgs{
Type: pulumi.String("nvidia-tesla-t4"),
Count: pulumi.Int(1),
},
},
},
&workstations.WorkstationConfigHostGceInstanceBoostConfigArgs{
Id: pulumi.String("boost-2"),
MachineType: pulumi.String("n1-standard-2"),
PoolSize: pulumi.Int(2),
BootDiskSizeGb: pulumi.Int(30),
EnableNestedVirtualization: pulumi.Bool(true),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
BoostConfigs = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceBoostConfigArgs
{
Id = "boost-1",
MachineType = "n1-standard-2",
Accelerators = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceBoostConfigAcceleratorArgs
{
Type = "nvidia-tesla-t4",
Count = 1,
},
},
},
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceBoostConfigArgs
{
Id = "boost-2",
MachineType = "n1-standard-2",
PoolSize = 2,
BootDiskSizeGb = 30,
EnableNestedVirtualization = true,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.boostConfigs(
WorkstationConfigHostGceInstanceBoostConfigArgs.builder()
.id("boost-1")
.machineType("n1-standard-2")
.accelerators(WorkstationConfigHostGceInstanceBoostConfigAcceleratorArgs.builder()
.type("nvidia-tesla-t4")
.count(1)
.build())
.build(),
WorkstationConfigHostGceInstanceBoostConfigArgs.builder()
.id("boost-2")
.machineType("n1-standard-2")
.poolSize(2)
.bootDiskSizeGb(30)
.enableNestedVirtualization(true)
.build())
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
boostConfigs:
- id: boost-1
machineType: n1-standard-2
accelerators:
- type: nvidia-tesla-t4
count: '1'
- id: boost-2
machineType: n1-standard-2
poolSize: 2
bootDiskSizeGb: 30
enableNestedVirtualization: true
The boostConfigs array defines named performance profiles. Each profile specifies a machineType and optional accelerators, poolSize, or bootDiskSizeGb. Users can activate a boost profile on demand, and the workstation temporarily switches to the boosted configuration.
Encrypt workstation disks with customer-managed keys
Organizations with compliance requirements can encrypt boot and persistent disks using their own KMS keys.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultKeyRing = new gcp.kms.KeyRing("default", {
name: "workstation-cluster",
location: "us-central1",
});
const defaultCryptoKey = new gcp.kms.CryptoKey("default", {
name: "workstation-cluster",
keyRing: defaultKeyRing.id,
});
const defaultAccount = new gcp.serviceaccount.Account("default", {
accountId: "my-account",
displayName: "Service Account",
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
shieldedInstanceConfig: {
enableSecureBoot: true,
enableVtpm: true,
},
},
},
encryptionKey: {
kmsKey: defaultCryptoKey.id,
kmsKeyServiceAccount: defaultAccount.email,
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_key_ring = gcp.kms.KeyRing("default",
name="workstation-cluster",
location="us-central1")
default_crypto_key = gcp.kms.CryptoKey("default",
name="workstation-cluster",
key_ring=default_key_ring.id)
default_account = gcp.serviceaccount.Account("default",
account_id="my-account",
display_name="Service Account")
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"shielded_instance_config": {
"enable_secure_boot": True,
"enable_vtpm": True,
},
},
},
encryption_key={
"kms_key": default_crypto_key.id,
"kms_key_service_account": default_account.email,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/serviceaccount"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
defaultKeyRing, err := kms.NewKeyRing(ctx, "default", &kms.KeyRingArgs{
Name: pulumi.String("workstation-cluster"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
defaultCryptoKey, err := kms.NewCryptoKey(ctx, "default", &kms.CryptoKeyArgs{
Name: pulumi.String("workstation-cluster"),
KeyRing: defaultKeyRing.ID(),
})
if err != nil {
return err
}
defaultAccount, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
AccountId: pulumi.String("my-account"),
DisplayName: pulumi.String("Service Account"),
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
ShieldedInstanceConfig: &workstations.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs{
EnableSecureBoot: pulumi.Bool(true),
EnableVtpm: pulumi.Bool(true),
},
},
},
EncryptionKey: &workstations.WorkstationConfigEncryptionKeyArgs{
KmsKey: defaultCryptoKey.ID(),
KmsKeyServiceAccount: defaultAccount.Email,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultKeyRing = new Gcp.Kms.KeyRing("default", new()
{
Name = "workstation-cluster",
Location = "us-central1",
});
var defaultCryptoKey = new Gcp.Kms.CryptoKey("default", new()
{
Name = "workstation-cluster",
KeyRing = defaultKeyRing.Id,
});
var defaultAccount = new Gcp.ServiceAccount.Account("default", new()
{
AccountId = "my-account",
DisplayName = "Service Account",
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
ShieldedInstanceConfig = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs
{
EnableSecureBoot = true,
EnableVtpm = true,
},
},
},
EncryptionKey = new Gcp.Workstations.Inputs.WorkstationConfigEncryptionKeyArgs
{
KmsKey = defaultCryptoKey.Id,
KmsKeyServiceAccount = defaultAccount.Email,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigEncryptionKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultKeyRing = new KeyRing("defaultKeyRing", KeyRingArgs.builder()
.name("workstation-cluster")
.location("us-central1")
.build());
var defaultCryptoKey = new CryptoKey("defaultCryptoKey", CryptoKeyArgs.builder()
.name("workstation-cluster")
.keyRing(defaultKeyRing.id())
.build());
var defaultAccount = new Account("defaultAccount", AccountArgs.builder()
.accountId("my-account")
.displayName("Service Account")
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.shieldedInstanceConfig(WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs.builder()
.enableSecureBoot(true)
.enableVtpm(true)
.build())
.build())
.build())
.encryptionKey(WorkstationConfigEncryptionKeyArgs.builder()
.kmsKey(defaultCryptoKey.id())
.kmsKeyServiceAccount(defaultAccount.email())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultKeyRing:
type: gcp:kms:KeyRing
name: default
properties:
name: workstation-cluster
location: us-central1
defaultCryptoKey:
type: gcp:kms:CryptoKey
name: default
properties:
name: workstation-cluster
keyRing: ${defaultKeyRing.id}
defaultAccount:
type: gcp:serviceaccount:Account
name: default
properties:
accountId: my-account
displayName: Service Account
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
shieldedInstanceConfig:
enableSecureBoot: true
enableVtpm: true
encryptionKey:
kmsKey: ${defaultCryptoKey.id}
kmsKeyServiceAccount: ${defaultAccount.email}
The encryptionKey block references a kmsKey and specifies a kmsKeyServiceAccount that has permission to use the key. Both the boot disk and persistent disks are encrypted with this key. If the key is rotated, the system recreates the persistent disk with the new version when the workstation stops.
Control network access with port restrictions
Security policies often require limiting which ports are externally accessible.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
},
},
allowedPorts: [
{
first: 80,
last: 80,
},
{
first: 22,
last: 22,
},
{
first: 1024,
last: 65535,
},
],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
},
},
allowed_ports=[
{
"first": 80,
"last": 80,
},
{
"first": 22,
"last": 22,
},
{
"first": 1024,
"last": 65535,
},
])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
},
},
AllowedPorts: workstations.WorkstationConfigAllowedPortArray{
&workstations.WorkstationConfigAllowedPortArgs{
First: pulumi.Int(80),
Last: pulumi.Int(80),
},
&workstations.WorkstationConfigAllowedPortArgs{
First: pulumi.Int(22),
Last: pulumi.Int(22),
},
&workstations.WorkstationConfigAllowedPortArgs{
First: pulumi.Int(1024),
Last: pulumi.Int(65535),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
},
},
AllowedPorts = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigAllowedPortArgs
{
First = 80,
Last = 80,
},
new Gcp.Workstations.Inputs.WorkstationConfigAllowedPortArgs
{
First = 22,
Last = 22,
},
new Gcp.Workstations.Inputs.WorkstationConfigAllowedPortArgs
{
First = 1024,
Last = 65535,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigAllowedPortArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.build())
.build())
.allowedPorts(
WorkstationConfigAllowedPortArgs.builder()
.first(80)
.last(80)
.build(),
WorkstationConfigAllowedPortArgs.builder()
.first(22)
.last(22)
.build(),
WorkstationConfigAllowedPortArgs.builder()
.first(1024)
.last(65535)
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
allowedPorts:
- first: 80
last: 80
- first: 22
last: 22
- first: 1024
last: 65535
The allowedPorts array defines port ranges. Each entry specifies first and last port numbers. Here, ports 22 (SSH), 80 (HTTP), and 1024-65535 (high ports) are allowed. Without this property, the default is ports 22, 80, and 1024-65535.
Beyond these examples
These snippets focus on specific workstation config features: compute configuration and timeout controls, container images and persistent storage, GPU acceleration and performance boost profiles, and encryption and network access controls. They’re intentionally minimal rather than full development environment deployments.
The examples rely on pre-existing infrastructure such as WorkstationCluster with VPC network and subnet, KMS keys and service accounts for encryption, and compute snapshots for snapshot-based storage. They focus on configuring the workstation environment rather than provisioning the surrounding infrastructure.
To keep things focused, common workstation patterns are omitted, including:
- Ephemeral directories (ephemeralDirectories)
- Shielded instance configuration (shieldedInstanceConfig)
- Readiness checks (readinessChecks)
- Audit logging (enableAuditAgent)
- TCP connection controls (disableTcpConnections)
These omissions are intentional: the goal is to illustrate how each workstation feature is wired, not provide drop-in development environment modules. See the WorkstationConfig resource reference for all available configuration options.
Let's configure GCP Cloud Workstations
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Encryption & Security
What happens if I rotate or revoke my customer-managed encryption key?
When you rotate the key, the system recreates the persistent disk with the new version when the workstation stops. Keep older key versions until recreation completes, or data will be lost. If you revoke the key, the workstation session automatically stops within 7 hours.
What permissions do I need to enable audit logging?
When
enableAuditAgent is true, you must specify a service account with logging.buckets.write permission on the project.Timeouts & Lifecycle
What are the default timeout values for workstations?
Workstations default to a 20-minute idle timeout (
idleTimeout) and 12-hour running timeout (runningTimeout). Set either to 0 to disable that timeout (except when using encryption).Why can't I set runningTimeout to 0 when using encryption?
When
encryptionKey is configured, runningTimeout must be greater than 0 and less than 24 hours for security reasons.Networking & Connectivity
What ports are accessible by default?
If
allowedPorts isn’t specified, ports 22, 80, and the range 1024-65535 are accessible. Custom ports must be 22, 80, or within 1024-65535.Can I use SSH if I enable disableTcpConnections?
No. Setting
disableTcpConnections to true disables the websocket relay, preventing services that require plain TCP connections like SSH. All communication must occur over HTTPS or WSS.Configuration & Immutability
What fields can't I change after creating the workstation config?
The following fields are immutable:
location, project, replicaZones, workstationClusterId, workstationConfigId, and encryptionKey.How many zones do I need to specify for replicaZones?
If you set
replicaZones, you must specify exactly two zones within the workstation cluster’s region (e.g., ['us-central1-a', 'us-central1-f']). If empty, two default zones are used.Resource Limits & Features
How does maxUsableWorkstations enforcement work?
The
maxUsableWorkstations limit is only enforced on CreateWorkstation API calls by the user making the request, not on existing workstations.How do I configure GPU acceleration for workstations?
Add
accelerators to host.gceInstance with the GPU type (e.g., nvidia-tesla-t4) and count.What are boost configs and how do I use them?
Boost configs in
host.gceInstance.boostConfigs allow temporary performance upgrades with different machine types, accelerators, pool sizes, or boot disk configurations.