The gcp:workstations/workstationConfig:WorkstationConfig resource, part of the Pulumi GCP provider, defines configuration templates for Cloud Workstations: compute resources, container images, storage, and network policies shared across multiple workstation instances. This guide focuses on four capabilities: machine type and timeout configuration, container images and persistent storage, GPU acceleration and boost configurations, and encryption and network access controls.
Workstation configurations belong to a WorkstationCluster and may reference VPC networks, KMS keys, container images, and Compute Engine snapshots. The examples are intentionally small. Combine them with your own cluster infrastructure and security policies.
Configure machine type and timeout behavior
Development teams provision workstations with specific compute resources and lifecycle policies to balance performance against cost.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const tagKey1 = new gcp.tags.TagKey("tag_key1", {
parent: "organizations/123456789",
shortName: "keyname",
});
const tagValue1 = new gcp.tags.TagValue("tag_value1", {
parent: tagKey1.id,
shortName: "valuename",
});
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
idleTimeout: "600s",
runningTimeout: "21600s",
replicaZones: [
"us-central1-a",
"us-central1-b",
],
annotations: {
"label-one": "value-one",
},
labels: {
label: "key",
},
maxUsableWorkstations: 1,
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
disableSsh: false,
vmTags: pulumi.all([tagKey1.id, tagValue1.id]).apply(([tagKey1Id, tagValue1Id]) => {
[tagKey1Id]: tagValue1Id,
}),
},
},
});
import pulumi
import pulumi_gcp as gcp
tag_key1 = gcp.tags.TagKey("tag_key1",
parent="organizations/123456789",
short_name="keyname")
tag_value1 = gcp.tags.TagValue("tag_value1",
parent=tag_key1.id,
short_name="valuename")
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
idle_timeout="600s",
running_timeout="21600s",
replica_zones=[
"us-central1-a",
"us-central1-b",
],
annotations={
"label-one": "value-one",
},
labels={
"label": "key",
},
max_usable_workstations=1,
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"disable_ssh": False,
"vm_tags": pulumi.Output.all(
tagKey1Id=tag_key1.id,
tagValue1Id=tag_value1.id
).apply(lambda resolved_outputs: {
resolved_outputs['tagKey1Id']: resolved_outputs['tagValue1Id'],
})
,
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/tags"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tagKey1, err := tags.NewTagKey(ctx, "tag_key1", &tags.TagKeyArgs{
Parent: pulumi.String("organizations/123456789"),
ShortName: pulumi.String("keyname"),
})
if err != nil {
return err
}
tagValue1, err := tags.NewTagValue(ctx, "tag_value1", &tags.TagValueArgs{
Parent: tagKey1.ID(),
ShortName: pulumi.String("valuename"),
})
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
IdleTimeout: pulumi.String("600s"),
RunningTimeout: pulumi.String("21600s"),
ReplicaZones: pulumi.StringArray{
pulumi.String("us-central1-a"),
pulumi.String("us-central1-b"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
MaxUsableWorkstations: pulumi.Int(1),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
DisableSsh: pulumi.Bool(false),
VmTags: pulumi.All(tagKey1.ID(),tagValue1.ID()).ApplyT(func(_args []interface{}) (map[string]string, error) {
tagKey1Id := _args[0].(string)
tagValue1Id := _args[1].(string)
return map[string]string{
tagKey1Id: tagValue1Id,
}, nil
}).(pulumi.Map[string]stringOutput),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var tagKey1 = new Gcp.Tags.TagKey("tag_key1", new()
{
Parent = "organizations/123456789",
ShortName = "keyname",
});
var tagValue1 = new Gcp.Tags.TagValue("tag_value1", new()
{
Parent = tagKey1.Id,
ShortName = "valuename",
});
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
IdleTimeout = "600s",
RunningTimeout = "21600s",
ReplicaZones = new[]
{
"us-central1-a",
"us-central1-b",
},
Annotations =
{
{ "label-one", "value-one" },
},
Labels =
{
{ "label", "key" },
},
MaxUsableWorkstations = 1,
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
DisableSsh = false,
VmTags = Output.Tuple(tagKey1.Id, tagValue1.Id).Apply(values =>
{
var tagKey1Id = values.Item1;
var tagValue1Id = values.Item2;
return
{
{ tagKey1Id, tagValue1Id },
};
}),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.tags.TagKey;
import com.pulumi.gcp.tags.TagKeyArgs;
import com.pulumi.gcp.tags.TagValue;
import com.pulumi.gcp.tags.TagValueArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var tagKey1 = new TagKey("tagKey1", TagKeyArgs.builder()
.parent("organizations/123456789")
.shortName("keyname")
.build());
var tagValue1 = new TagValue("tagValue1", TagValueArgs.builder()
.parent(tagKey1.id())
.shortName("valuename")
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.idleTimeout("600s")
.runningTimeout("21600s")
.replicaZones(
"us-central1-a",
"us-central1-b")
.annotations(Map.of("label-one", "value-one"))
.labels(Map.of("label", "key"))
.maxUsableWorkstations(1)
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.disableSsh(false)
.vmTags(Output.tuple(tagKey1.id(), tagValue1.id()).applyValue(values -> {
var tagKey1Id = values.t1;
var tagValue1Id = values.t2;
return Map.of(tagKey1Id, tagValue1Id);
}))
.build())
.build())
.build());
}
}
resources:
tagKey1:
type: gcp:tags:TagKey
name: tag_key1
properties:
parent: organizations/123456789
shortName: keyname
tagValue1:
type: gcp:tags:TagValue
name: tag_value1
properties:
parent: ${tagKey1.id}
shortName: valuename
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
idleTimeout: 600s
runningTimeout: 21600s
replicaZones:
- us-central1-a
- us-central1-b
annotations:
label-one: value-one
labels:
label: key
maxUsableWorkstations: 1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
disableSsh: false
vmTags:
${tagKey1.id}: ${tagValue1.id}
The machineType and bootDiskSizeGb properties define the VM’s compute capacity. The idleTimeout property stops workstations after periods of inactivity (600 seconds here), while runningTimeout enforces a maximum session duration (21600 seconds, or 6 hours). The replicaZones property distributes VM and disk resources across two zones for availability.
Run custom container images with environment variables
Teams package development tools into container images to standardize environments across workstations.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "n1-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
enableNestedVirtualization: true,
},
},
container: {
image: "intellij",
env: {
NAME: "FOO",
BABE: "bar",
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "n1-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"enable_nested_virtualization": True,
},
},
container={
"image": "intellij",
"env": {
"NAME": "FOO",
"BABE": "bar",
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("n1-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
EnableNestedVirtualization: pulumi.Bool(true),
},
},
Container: &workstations.WorkstationConfigContainerArgs{
Image: pulumi.String("intellij"),
Env: pulumi.StringMap{
"NAME": pulumi.String("FOO"),
"BABE": pulumi.String("bar"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "n1-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
EnableNestedVirtualization = true,
},
},
Container = new Gcp.Workstations.Inputs.WorkstationConfigContainerArgs
{
Image = "intellij",
Env =
{
{ "NAME", "FOO" },
{ "BABE", "bar" },
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigContainerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("n1-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.enableNestedVirtualization(true)
.build())
.build())
.container(WorkstationConfigContainerArgs.builder()
.image("intellij")
.env(Map.ofEntries(
Map.entry("NAME", "FOO"),
Map.entry("BABE", "bar")
))
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: n1-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
enableNestedVirtualization: true
container:
image: intellij
env:
NAME: FOO
BABE: bar
The container block specifies the image to run and passes configuration via the env map. The enableNestedVirtualization property allows running VMs inside the workstation, useful for Docker-in-Docker or testing virtualization workflows.
Attach persistent disks for stateful workloads
Workstations that preserve files across sessions require persistent storage mounted at specific paths.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
shieldedInstanceConfig: {
enableSecureBoot: true,
enableVtpm: true,
},
},
},
persistentDirectories: [{
mountPath: "/home",
gcePd: {
sizeGb: 200,
fsType: "ext4",
diskType: "pd-standard",
reclaimPolicy: "DELETE",
},
}],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"shielded_instance_config": {
"enable_secure_boot": True,
"enable_vtpm": True,
},
},
},
persistent_directories=[{
"mount_path": "/home",
"gce_pd": {
"size_gb": 200,
"fs_type": "ext4",
"disk_type": "pd-standard",
"reclaim_policy": "DELETE",
},
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
ShieldedInstanceConfig: &workstations.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs{
EnableSecureBoot: pulumi.Bool(true),
EnableVtpm: pulumi.Bool(true),
},
},
},
PersistentDirectories: workstations.WorkstationConfigPersistentDirectoryArray{
&workstations.WorkstationConfigPersistentDirectoryArgs{
MountPath: pulumi.String("/home"),
GcePd: &workstations.WorkstationConfigPersistentDirectoryGcePdArgs{
SizeGb: pulumi.Int(200),
FsType: pulumi.String("ext4"),
DiskType: pulumi.String("pd-standard"),
ReclaimPolicy: pulumi.String("DELETE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
ShieldedInstanceConfig = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs
{
EnableSecureBoot = true,
EnableVtpm = true,
},
},
},
PersistentDirectories = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryArgs
{
MountPath = "/home",
GcePd = new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryGcePdArgs
{
SizeGb = 200,
FsType = "ext4",
DiskType = "pd-standard",
ReclaimPolicy = "DELETE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryGcePdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.shieldedInstanceConfig(WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs.builder()
.enableSecureBoot(true)
.enableVtpm(true)
.build())
.build())
.build())
.persistentDirectories(WorkstationConfigPersistentDirectoryArgs.builder()
.mountPath("/home")
.gcePd(WorkstationConfigPersistentDirectoryGcePdArgs.builder()
.sizeGb(200)
.fsType("ext4")
.diskType("pd-standard")
.reclaimPolicy("DELETE")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
shieldedInstanceConfig:
enableSecureBoot: true
enableVtpm: true
persistentDirectories:
- mountPath: /home
gcePd:
sizeGb: 200
fsType: ext4
diskType: pd-standard
reclaimPolicy: DELETE
The persistentDirectories array mounts GCE persistent disks at the specified mountPath. The gcePd block configures disk size, filesystem type, and reclaim policy. When reclaimPolicy is “DELETE”, the disk is removed when the workstation configuration is deleted. The shieldedInstanceConfig enables Secure Boot and vTPM for enhanced security.
Initialize persistent disks from snapshots
Teams can pre-populate workstation disks with tools or datasets by creating persistent disks from existing snapshots.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const mySourceDisk = new gcp.compute.Disk("my_source_disk", {
name: "workstation-config",
size: 10,
type: "pd-ssd",
zone: "us-central1-a",
});
const mySourceSnapshot = new gcp.compute.Snapshot("my_source_snapshot", {
name: "workstation-config",
sourceDisk: mySourceDisk.name,
zone: "us-central1-a",
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: defaultWorkstationCluster.location,
persistentDirectories: [{
mountPath: "/home",
gcePd: {
sourceSnapshot: mySourceSnapshot.id,
reclaimPolicy: "DELETE",
},
}],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
my_source_disk = gcp.compute.Disk("my_source_disk",
name="workstation-config",
size=10,
type="pd-ssd",
zone="us-central1-a")
my_source_snapshot = gcp.compute.Snapshot("my_source_snapshot",
name="workstation-config",
source_disk=my_source_disk.name,
zone="us-central1-a")
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1")
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location=default_workstation_cluster.location,
persistent_directories=[{
"mount_path": "/home",
"gce_pd": {
"source_snapshot": my_source_snapshot.id,
"reclaim_policy": "DELETE",
},
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
mySourceDisk, err := compute.NewDisk(ctx, "my_source_disk", &compute.DiskArgs{
Name: pulumi.String("workstation-config"),
Size: pulumi.Int(10),
Type: pulumi.String("pd-ssd"),
Zone: pulumi.String("us-central1-a"),
})
if err != nil {
return err
}
mySourceSnapshot, err := compute.NewSnapshot(ctx, "my_source_snapshot", &compute.SnapshotArgs{
Name: pulumi.String("workstation-config"),
SourceDisk: mySourceDisk.Name,
Zone: pulumi.String("us-central1-a"),
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: defaultWorkstationCluster.Location,
PersistentDirectories: workstations.WorkstationConfigPersistentDirectoryArray{
&workstations.WorkstationConfigPersistentDirectoryArgs{
MountPath: pulumi.String("/home"),
GcePd: &workstations.WorkstationConfigPersistentDirectoryGcePdArgs{
SourceSnapshot: mySourceSnapshot.ID(),
ReclaimPolicy: pulumi.String("DELETE"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var mySourceDisk = new Gcp.Compute.Disk("my_source_disk", new()
{
Name = "workstation-config",
Size = 10,
Type = "pd-ssd",
Zone = "us-central1-a",
});
var mySourceSnapshot = new Gcp.Compute.Snapshot("my_source_snapshot", new()
{
Name = "workstation-config",
SourceDisk = mySourceDisk.Name,
Zone = "us-central1-a",
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = defaultWorkstationCluster.Location,
PersistentDirectories = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryArgs
{
MountPath = "/home",
GcePd = new Gcp.Workstations.Inputs.WorkstationConfigPersistentDirectoryGcePdArgs
{
SourceSnapshot = mySourceSnapshot.Id,
ReclaimPolicy = "DELETE",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Disk;
import com.pulumi.gcp.compute.DiskArgs;
import com.pulumi.gcp.compute.Snapshot;
import com.pulumi.gcp.compute.SnapshotArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigPersistentDirectoryGcePdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var mySourceDisk = new Disk("mySourceDisk", DiskArgs.builder()
.name("workstation-config")
.size(10)
.type("pd-ssd")
.zone("us-central1-a")
.build());
var mySourceSnapshot = new Snapshot("mySourceSnapshot", SnapshotArgs.builder()
.name("workstation-config")
.sourceDisk(mySourceDisk.name())
.zone("us-central1-a")
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location(defaultWorkstationCluster.location())
.persistentDirectories(WorkstationConfigPersistentDirectoryArgs.builder()
.mountPath("/home")
.gcePd(WorkstationConfigPersistentDirectoryGcePdArgs.builder()
.sourceSnapshot(mySourceSnapshot.id())
.reclaimPolicy("DELETE")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
mySourceDisk:
type: gcp:compute:Disk
name: my_source_disk
properties:
name: workstation-config
size: 10
type: pd-ssd
zone: us-central1-a
mySourceSnapshot:
type: gcp:compute:Snapshot
name: my_source_snapshot
properties:
name: workstation-config
sourceDisk: ${mySourceDisk.name}
zone: us-central1-a
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: ${defaultWorkstationCluster.location}
persistentDirectories:
- mountPath: /home
gcePd:
sourceSnapshot: ${mySourceSnapshot.id}
reclaimPolicy: DELETE
The sourceSnapshot property references a Compute Engine snapshot ID. When the workstation starts, the persistent disk is initialized from this snapshot, cloning its contents. This accelerates provisioning and ensures consistency across workstations.
Attach GPUs for compute-intensive workloads
Machine learning and graphics workloads benefit from GPU acceleration attached to workstation instances.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "n1-standard-2",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
accelerators: [{
type: "nvidia-tesla-t4",
count: 1,
}],
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "n1-standard-2",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"accelerators": [{
"type": "nvidia-tesla-t4",
"count": 1,
}],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("n1-standard-2"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
Accelerators: workstations.WorkstationConfigHostGceInstanceAcceleratorArray{
&workstations.WorkstationConfigHostGceInstanceAcceleratorArgs{
Type: pulumi.String("nvidia-tesla-t4"),
Count: pulumi.Int(1),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "n1-standard-2",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
Accelerators = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceAcceleratorArgs
{
Type = "nvidia-tesla-t4",
Count = 1,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("n1-standard-2")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.accelerators(WorkstationConfigHostGceInstanceAcceleratorArgs.builder()
.type("nvidia-tesla-t4")
.count(1)
.build())
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: n1-standard-2
bootDiskSizeGb: 35
disablePublicIpAddresses: true
accelerators:
- type: nvidia-tesla-t4
count: '1'
The accelerators array specifies GPU type and count. Here, one NVIDIA Tesla T4 GPU is attached. GPU availability depends on machine type and region; not all machine types support accelerators.
Define temporary performance boost configurations
Developers occasionally need more compute power for builds or tests without permanently upgrading their workstation.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
boostConfigs: [
{
id: "boost-1",
machineType: "n1-standard-2",
accelerators: [{
type: "nvidia-tesla-t4",
count: 1,
}],
},
{
id: "boost-2",
machineType: "n1-standard-2",
poolSize: 2,
bootDiskSizeGb: 30,
enableNestedVirtualization: true,
},
],
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"boost_configs": [
{
"id": "boost-1",
"machine_type": "n1-standard-2",
"accelerators": [{
"type": "nvidia-tesla-t4",
"count": 1,
}],
},
{
"id": "boost-2",
"machine_type": "n1-standard-2",
"pool_size": 2,
"boot_disk_size_gb": 30,
"enable_nested_virtualization": True,
},
],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
BoostConfigs: workstations.WorkstationConfigHostGceInstanceBoostConfigArray{
&workstations.WorkstationConfigHostGceInstanceBoostConfigArgs{
Id: pulumi.String("boost-1"),
MachineType: pulumi.String("n1-standard-2"),
Accelerators: workstations.WorkstationConfigHostGceInstanceBoostConfigAcceleratorArray{
&workstations.WorkstationConfigHostGceInstanceBoostConfigAcceleratorArgs{
Type: pulumi.String("nvidia-tesla-t4"),
Count: pulumi.Int(1),
},
},
},
&workstations.WorkstationConfigHostGceInstanceBoostConfigArgs{
Id: pulumi.String("boost-2"),
MachineType: pulumi.String("n1-standard-2"),
PoolSize: pulumi.Int(2),
BootDiskSizeGb: pulumi.Int(30),
EnableNestedVirtualization: pulumi.Bool(true),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
BoostConfigs = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceBoostConfigArgs
{
Id = "boost-1",
MachineType = "n1-standard-2",
Accelerators = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceBoostConfigAcceleratorArgs
{
Type = "nvidia-tesla-t4",
Count = 1,
},
},
},
new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceBoostConfigArgs
{
Id = "boost-2",
MachineType = "n1-standard-2",
PoolSize = 2,
BootDiskSizeGb = 30,
EnableNestedVirtualization = true,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.boostConfigs(
WorkstationConfigHostGceInstanceBoostConfigArgs.builder()
.id("boost-1")
.machineType("n1-standard-2")
.accelerators(WorkstationConfigHostGceInstanceBoostConfigAcceleratorArgs.builder()
.type("nvidia-tesla-t4")
.count(1)
.build())
.build(),
WorkstationConfigHostGceInstanceBoostConfigArgs.builder()
.id("boost-2")
.machineType("n1-standard-2")
.poolSize(2)
.bootDiskSizeGb(30)
.enableNestedVirtualization(true)
.build())
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
boostConfigs:
- id: boost-1
machineType: n1-standard-2
accelerators:
- type: nvidia-tesla-t4
count: '1'
- id: boost-2
machineType: n1-standard-2
poolSize: 2
bootDiskSizeGb: 30
enableNestedVirtualization: true
The boostConfigs array defines named configurations users can activate on demand. Each boost specifies a machineType, optional accelerators, and poolSize (the number of pre-warmed instances). Users switch to a boost configuration temporarily, then return to the base configuration.
Encrypt workstation disks with customer-managed keys
Organizations with strict data governance use customer-managed encryption keys (CMEK) to control disk encryption.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultKeyRing = new gcp.kms.KeyRing("default", {
name: "workstation-cluster",
location: "us-central1",
});
const defaultCryptoKey = new gcp.kms.CryptoKey("default", {
name: "workstation-cluster",
keyRing: defaultKeyRing.id,
});
const defaultAccount = new gcp.serviceaccount.Account("default", {
accountId: "my-account",
displayName: "Service Account",
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
shieldedInstanceConfig: {
enableSecureBoot: true,
enableVtpm: true,
},
},
},
encryptionKey: {
kmsKey: defaultCryptoKey.id,
kmsKeyServiceAccount: defaultAccount.email,
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_key_ring = gcp.kms.KeyRing("default",
name="workstation-cluster",
location="us-central1")
default_crypto_key = gcp.kms.CryptoKey("default",
name="workstation-cluster",
key_ring=default_key_ring.id)
default_account = gcp.serviceaccount.Account("default",
account_id="my-account",
display_name="Service Account")
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
"shielded_instance_config": {
"enable_secure_boot": True,
"enable_vtpm": True,
},
},
},
encryption_key={
"kms_key": default_crypto_key.id,
"kms_key_service_account": default_account.email,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/serviceaccount"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
defaultKeyRing, err := kms.NewKeyRing(ctx, "default", &kms.KeyRingArgs{
Name: pulumi.String("workstation-cluster"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
defaultCryptoKey, err := kms.NewCryptoKey(ctx, "default", &kms.CryptoKeyArgs{
Name: pulumi.String("workstation-cluster"),
KeyRing: defaultKeyRing.ID(),
})
if err != nil {
return err
}
defaultAccount, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
AccountId: pulumi.String("my-account"),
DisplayName: pulumi.String("Service Account"),
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
ShieldedInstanceConfig: &workstations.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs{
EnableSecureBoot: pulumi.Bool(true),
EnableVtpm: pulumi.Bool(true),
},
},
},
EncryptionKey: &workstations.WorkstationConfigEncryptionKeyArgs{
KmsKey: defaultCryptoKey.ID(),
KmsKeyServiceAccount: defaultAccount.Email,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultKeyRing = new Gcp.Kms.KeyRing("default", new()
{
Name = "workstation-cluster",
Location = "us-central1",
});
var defaultCryptoKey = new Gcp.Kms.CryptoKey("default", new()
{
Name = "workstation-cluster",
KeyRing = defaultKeyRing.Id,
});
var defaultAccount = new Gcp.ServiceAccount.Account("default", new()
{
AccountId = "my-account",
DisplayName = "Service Account",
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
ShieldedInstanceConfig = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs
{
EnableSecureBoot = true,
EnableVtpm = true,
},
},
},
EncryptionKey = new Gcp.Workstations.Inputs.WorkstationConfigEncryptionKeyArgs
{
KmsKey = defaultCryptoKey.Id,
KmsKeyServiceAccount = defaultAccount.Email,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigEncryptionKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultKeyRing = new KeyRing("defaultKeyRing", KeyRingArgs.builder()
.name("workstation-cluster")
.location("us-central1")
.build());
var defaultCryptoKey = new CryptoKey("defaultCryptoKey", CryptoKeyArgs.builder()
.name("workstation-cluster")
.keyRing(defaultKeyRing.id())
.build());
var defaultAccount = new Account("defaultAccount", AccountArgs.builder()
.accountId("my-account")
.displayName("Service Account")
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.shieldedInstanceConfig(WorkstationConfigHostGceInstanceShieldedInstanceConfigArgs.builder()
.enableSecureBoot(true)
.enableVtpm(true)
.build())
.build())
.build())
.encryptionKey(WorkstationConfigEncryptionKeyArgs.builder()
.kmsKey(defaultCryptoKey.id())
.kmsKeyServiceAccount(defaultAccount.email())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultKeyRing:
type: gcp:kms:KeyRing
name: default
properties:
name: workstation-cluster
location: us-central1
defaultCryptoKey:
type: gcp:kms:CryptoKey
name: default
properties:
name: workstation-cluster
keyRing: ${defaultKeyRing.id}
defaultAccount:
type: gcp:serviceaccount:Account
name: default
properties:
accountId: my-account
displayName: Service Account
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
shieldedInstanceConfig:
enableSecureBoot: true
enableVtpm: true
encryptionKey:
kmsKey: ${defaultCryptoKey.id}
kmsKeyServiceAccount: ${defaultAccount.email}
The encryptionKey block specifies the KMS key and service account for encrypting boot and persistent disks. The service account must have the cryptoKeyEncrypterDecrypter role on the key. If the key is rotated, the system recreates the persistent disk with the new key version when the workstation stops.
Control network access with port allowlists
Workstations expose services on specific ports for web previews, SSH access, or custom applications.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {
name: "workstation-cluster",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "workstation-cluster",
ipCidrRange: "10.0.0.0/24",
region: "us-central1",
network: _default.name,
});
const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", {
workstationClusterId: "workstation-cluster",
network: _default.id,
subnetwork: defaultSubnetwork.id,
location: "us-central1",
labels: {
label: "key",
},
annotations: {
"label-one": "value-one",
},
});
const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", {
workstationConfigId: "workstation-config",
workstationClusterId: defaultWorkstationCluster.workstationClusterId,
location: "us-central1",
host: {
gceInstance: {
machineType: "e2-standard-4",
bootDiskSizeGb: 35,
disablePublicIpAddresses: true,
},
},
allowedPorts: [
{
first: 80,
last: 80,
},
{
first: 22,
last: 22,
},
{
first: 1024,
last: 65535,
},
],
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default",
name="workstation-cluster",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="workstation-cluster",
ip_cidr_range="10.0.0.0/24",
region="us-central1",
network=default.name)
default_workstation_cluster = gcp.workstations.WorkstationCluster("default",
workstation_cluster_id="workstation-cluster",
network=default.id,
subnetwork=default_subnetwork.id,
location="us-central1",
labels={
"label": "key",
},
annotations={
"label-one": "value-one",
})
default_workstation_config = gcp.workstations.WorkstationConfig("default",
workstation_config_id="workstation-config",
workstation_cluster_id=default_workstation_cluster.workstation_cluster_id,
location="us-central1",
host={
"gce_instance": {
"machine_type": "e2-standard-4",
"boot_disk_size_gb": 35,
"disable_public_ip_addresses": True,
},
},
allowed_ports=[
{
"first": 80,
"last": 80,
},
{
"first": 22,
"last": 22,
},
{
"first": 1024,
"last": 65535,
},
])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/workstations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("workstation-cluster"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("workstation-cluster"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.Name,
})
if err != nil {
return err
}
defaultWorkstationCluster, err := workstations.NewWorkstationCluster(ctx, "default", &workstations.WorkstationClusterArgs{
WorkstationClusterId: pulumi.String("workstation-cluster"),
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
Location: pulumi.String("us-central1"),
Labels: pulumi.StringMap{
"label": pulumi.String("key"),
},
Annotations: pulumi.StringMap{
"label-one": pulumi.String("value-one"),
},
})
if err != nil {
return err
}
_, err = workstations.NewWorkstationConfig(ctx, "default", &workstations.WorkstationConfigArgs{
WorkstationConfigId: pulumi.String("workstation-config"),
WorkstationClusterId: defaultWorkstationCluster.WorkstationClusterId,
Location: pulumi.String("us-central1"),
Host: &workstations.WorkstationConfigHostArgs{
GceInstance: &workstations.WorkstationConfigHostGceInstanceArgs{
MachineType: pulumi.String("e2-standard-4"),
BootDiskSizeGb: pulumi.Int(35),
DisablePublicIpAddresses: pulumi.Bool(true),
},
},
AllowedPorts: workstations.WorkstationConfigAllowedPortArray{
&workstations.WorkstationConfigAllowedPortArgs{
First: pulumi.Int(80),
Last: pulumi.Int(80),
},
&workstations.WorkstationConfigAllowedPortArgs{
First: pulumi.Int(22),
Last: pulumi.Int(22),
},
&workstations.WorkstationConfigAllowedPortArgs{
First: pulumi.Int(1024),
Last: pulumi.Int(65535),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "workstation-cluster",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "workstation-cluster",
IpCidrRange = "10.0.0.0/24",
Region = "us-central1",
Network = @default.Name,
});
var defaultWorkstationCluster = new Gcp.Workstations.WorkstationCluster("default", new()
{
WorkstationClusterId = "workstation-cluster",
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
Location = "us-central1",
Labels =
{
{ "label", "key" },
},
Annotations =
{
{ "label-one", "value-one" },
},
});
var defaultWorkstationConfig = new Gcp.Workstations.WorkstationConfig("default", new()
{
WorkstationConfigId = "workstation-config",
WorkstationClusterId = defaultWorkstationCluster.WorkstationClusterId,
Location = "us-central1",
Host = new Gcp.Workstations.Inputs.WorkstationConfigHostArgs
{
GceInstance = new Gcp.Workstations.Inputs.WorkstationConfigHostGceInstanceArgs
{
MachineType = "e2-standard-4",
BootDiskSizeGb = 35,
DisablePublicIpAddresses = true,
},
},
AllowedPorts = new[]
{
new Gcp.Workstations.Inputs.WorkstationConfigAllowedPortArgs
{
First = 80,
Last = 80,
},
new Gcp.Workstations.Inputs.WorkstationConfigAllowedPortArgs
{
First = 22,
Last = 22,
},
new Gcp.Workstations.Inputs.WorkstationConfigAllowedPortArgs
{
First = 1024,
Last = 65535,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.workstations.WorkstationCluster;
import com.pulumi.gcp.workstations.WorkstationClusterArgs;
import com.pulumi.gcp.workstations.WorkstationConfig;
import com.pulumi.gcp.workstations.WorkstationConfigArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigHostGceInstanceArgs;
import com.pulumi.gcp.workstations.inputs.WorkstationConfigAllowedPortArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("workstation-cluster")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("workstation-cluster")
.ipCidrRange("10.0.0.0/24")
.region("us-central1")
.network(default_.name())
.build());
var defaultWorkstationCluster = new WorkstationCluster("defaultWorkstationCluster", WorkstationClusterArgs.builder()
.workstationClusterId("workstation-cluster")
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.location("us-central1")
.labels(Map.of("label", "key"))
.annotations(Map.of("label-one", "value-one"))
.build());
var defaultWorkstationConfig = new WorkstationConfig("defaultWorkstationConfig", WorkstationConfigArgs.builder()
.workstationConfigId("workstation-config")
.workstationClusterId(defaultWorkstationCluster.workstationClusterId())
.location("us-central1")
.host(WorkstationConfigHostArgs.builder()
.gceInstance(WorkstationConfigHostGceInstanceArgs.builder()
.machineType("e2-standard-4")
.bootDiskSizeGb(35)
.disablePublicIpAddresses(true)
.build())
.build())
.allowedPorts(
WorkstationConfigAllowedPortArgs.builder()
.first(80)
.last(80)
.build(),
WorkstationConfigAllowedPortArgs.builder()
.first(22)
.last(22)
.build(),
WorkstationConfigAllowedPortArgs.builder()
.first(1024)
.last(65535)
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: workstation-cluster
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: workstation-cluster
ipCidrRange: 10.0.0.0/24
region: us-central1
network: ${default.name}
defaultWorkstationCluster:
type: gcp:workstations:WorkstationCluster
name: default
properties:
workstationClusterId: workstation-cluster
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
location: us-central1
labels:
label: key
annotations:
label-one: value-one
defaultWorkstationConfig:
type: gcp:workstations:WorkstationConfig
name: default
properties:
workstationConfigId: workstation-config
workstationClusterId: ${defaultWorkstationCluster.workstationClusterId}
location: us-central1
host:
gceInstance:
machineType: e2-standard-4
bootDiskSizeGb: 35
disablePublicIpAddresses: true
allowedPorts:
- first: 80
last: 80
- first: 22
last: 22
- first: 1024
last: 65535
The allowedPorts array defines port ranges that are externally accessible. Each entry specifies first and last port numbers. If not specified, defaults to ports 22, 80, and 1024-65535. Restricting ports limits network exposure for security.
Beyond these examples
These snippets focus on specific workstation configuration features: compute resources and lifecycle policies, container images and persistent storage, GPU acceleration and performance boost configurations, and encryption and network access controls. They’re intentionally minimal rather than full development environment deployments.
The examples rely on pre-existing infrastructure such as WorkstationCluster with VPC network and subnet, KMS keys, service accounts, Compute Engine snapshots for relevant examples, and container images in accessible registries. They focus on configuring the workstation template rather than provisioning the surrounding infrastructure.
To keep things focused, common configuration patterns are omitted, including:
- Readiness checks for health monitoring
- Ephemeral directories for temporary storage
- Audit logging configuration (enableAuditAgent)
- TCP connection controls (disableTcpConnections)
These omissions are intentional: the goal is to illustrate how each workstation configuration feature is wired, not provide drop-in development environment modules. See the WorkstationConfig resource reference for all available configuration options.
Let's configure GCP Cloud Workstations
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Beta & Stability
Is this resource production-ready?
This resource is in beta and should be used with the
terraform-provider-google-beta provider. Beta resources may have breaking changes, so use caution in production environments.Encryption & Security
What are the risks of using customer-managed encryption keys?
When rotating a customer-managed encryption key, keep older key versions until the persistent disk is recreated, or data will be lost. If the encryption key is revoked, workstation sessions automatically stop within 7 hours.
What permissions are needed to enable audit logging?
When
enableAuditAgent is true, you must specify a service account with logging.buckets.write permission on the project.Timeouts & Lifecycle
What are the default timeout settings for workstations?
Workstations default to a 20-minute idle timeout and 12-hour running timeout. Setting either to 0 disables that timeout (though
runningTimeout has constraints when using encryption).Why can't I set runningTimeout to 0 with customer-managed encryption?
When
encryptionKey is set, runningTimeout must be greater than 0 and less than 24 hours for security reasons.Networking & Access
What ports are accessible by default?
If
allowedPorts isn’t specified, ports 22, 80, and 1024-65535 are accessible by default. Custom ports must be 22, 80, or within 1024-65535.Why can't I SSH into my workstation?
If
disableTcpConnections is true, plain TCP connections (including SSH) are disabled. All communication must use HTTPS or WSS.Configuration & Immutability
What properties can't be changed after creation?
These properties are immutable:
location, project, replicaZones, workstationClusterId, workstationConfigId, and encryptionKey.How do I configure replica zones?
Specify exactly two zones within the workstation cluster’s region (e.g.,
['us-central1-a', 'us-central1-f']). If omitted, two default zones are used. This setting is immutable after creation.What's the purpose of maxUsableWorkstations?
maxUsableWorkstations limits how many workstations a user can have with workstations.workstation.use permission. It’s only enforced during CreateWorkstation API calls.Performance & Resources
How do I add GPU accelerators to workstations?
Configure
host.gceInstance.accelerators with a type (e.g., nvidia-tesla-t4) and count. See the Accelerators example for details.What are boost configs used for?
Boost configs in
host.gceInstance.boostConfigs allow temporary performance increases by specifying alternative machine types, accelerators, pool sizes, or other resources.