1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. container
  5. AttachedCluster
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

gcp.container.AttachedCluster

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

    An Anthos cluster running on customer owned infrastructure.

    To get more information about Cluster, see:

    Example Usage

    Container Attached Cluster Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const project = gcp.organizations.getProject({});
    const versions = project.then(project => gcp.container.getAttachedVersions({
        location: "us-west1",
        project: project.projectId,
    }));
    const primary = new gcp.container.AttachedCluster("primary", {
        name: "basic",
        location: "us-west1",
        project: project.then(project => project.projectId),
        description: "Test cluster",
        distribution: "aks",
        oidcConfig: {
            issuerUrl: "https://oidc.issuer.url",
        },
        platformVersion: versions.then(versions => versions.validVersions?.[0]),
        fleet: {
            project: project.then(project => `projects/${project.number}`),
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    project = gcp.organizations.get_project()
    versions = gcp.container.get_attached_versions(location="us-west1",
        project=project.project_id)
    primary = gcp.container.AttachedCluster("primary",
        name="basic",
        location="us-west1",
        project=project.project_id,
        description="Test cluster",
        distribution="aks",
        oidc_config=gcp.container.AttachedClusterOidcConfigArgs(
            issuer_url="https://oidc.issuer.url",
        ),
        platform_version=versions.valid_versions[0],
        fleet=gcp.container.AttachedClusterFleetArgs(
            project=f"projects/{project.number}",
        ))
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.LookupProject(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		versions, err := container.GetAttachedVersions(ctx, &container.GetAttachedVersionsArgs{
    			Location: "us-west1",
    			Project:  project.ProjectId,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = container.NewAttachedCluster(ctx, "primary", &container.AttachedClusterArgs{
    			Name:         pulumi.String("basic"),
    			Location:     pulumi.String("us-west1"),
    			Project:      pulumi.String(project.ProjectId),
    			Description:  pulumi.String("Test cluster"),
    			Distribution: pulumi.String("aks"),
    			OidcConfig: &container.AttachedClusterOidcConfigArgs{
    				IssuerUrl: pulumi.String("https://oidc.issuer.url"),
    			},
    			PlatformVersion: pulumi.String(versions.ValidVersions[0]),
    			Fleet: &container.AttachedClusterFleetArgs{
    				Project: pulumi.String(fmt.Sprintf("projects/%v", project.Number)),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var project = Gcp.Organizations.GetProject.Invoke();
    
        var versions = Gcp.Container.GetAttachedVersions.Invoke(new()
        {
            Location = "us-west1",
            Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
        });
    
        var primary = new Gcp.Container.AttachedCluster("primary", new()
        {
            Name = "basic",
            Location = "us-west1",
            Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
            Description = "Test cluster",
            Distribution = "aks",
            OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
            {
                IssuerUrl = "https://oidc.issuer.url",
            },
            PlatformVersion = versions.Apply(getAttachedVersionsResult => getAttachedVersionsResult.ValidVersions[0]),
            Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
            {
                Project = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.OrganizationsFunctions;
    import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
    import com.pulumi.gcp.container.ContainerFunctions;
    import com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;
    import com.pulumi.gcp.container.AttachedCluster;
    import com.pulumi.gcp.container.AttachedClusterArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var project = OrganizationsFunctions.getProject();
    
            final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()
                .location("us-west1")
                .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
                .build());
    
            var primary = new AttachedCluster("primary", AttachedClusterArgs.builder()        
                .name("basic")
                .location("us-west1")
                .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
                .description("Test cluster")
                .distribution("aks")
                .oidcConfig(AttachedClusterOidcConfigArgs.builder()
                    .issuerUrl("https://oidc.issuer.url")
                    .build())
                .platformVersion(versions.applyValue(getAttachedVersionsResult -> getAttachedVersionsResult.validVersions()[0]))
                .fleet(AttachedClusterFleetArgs.builder()
                    .project(String.format("projects/%s", project.applyValue(getProjectResult -> getProjectResult.number())))
                    .build())
                .build());
    
        }
    }
    
    resources:
      primary:
        type: gcp:container:AttachedCluster
        properties:
          name: basic
          location: us-west1
          project: ${project.projectId}
          description: Test cluster
          distribution: aks
          oidcConfig:
            issuerUrl: https://oidc.issuer.url
          platformVersion: ${versions.validVersions[0]}
          fleet:
            project: projects/${project.number}
    variables:
      project:
        fn::invoke:
          Function: gcp:organizations:getProject
          Arguments: {}
      versions:
        fn::invoke:
          Function: gcp:container:getAttachedVersions
          Arguments:
            location: us-west1
            project: ${project.projectId}
    

    Container Attached Cluster Full

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as std from "@pulumi/std";
    
    const project = gcp.organizations.getProject({});
    const versions = project.then(project => gcp.container.getAttachedVersions({
        location: "us-west1",
        project: project.projectId,
    }));
    const primary = new gcp.container.AttachedCluster("primary", {
        name: "basic",
        project: project.then(project => project.projectId),
        location: "us-west1",
        description: "Test cluster",
        distribution: "aks",
        annotations: {
            "label-one": "value-one",
        },
        authorization: {
            adminUsers: [
                "user1@example.com",
                "user2@example.com",
            ],
            adminGroups: [
                "group1@example.com",
                "group2@example.com",
            ],
        },
        oidcConfig: {
            issuerUrl: "https://oidc.issuer.url",
            jwks: std.base64encode({
                input: "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}",
            }).then(invoke => invoke.result),
        },
        platformVersion: versions.then(versions => versions.validVersions?.[0]),
        fleet: {
            project: project.then(project => `projects/${project.number}`),
        },
        loggingConfig: {
            componentConfig: {
                enableComponents: [
                    "SYSTEM_COMPONENTS",
                    "WORKLOADS",
                ],
            },
        },
        monitoringConfig: {
            managedPrometheusConfig: {
                enabled: true,
            },
        },
        binaryAuthorization: {
            evaluationMode: "PROJECT_SINGLETON_POLICY_ENFORCE",
        },
        proxyConfig: {
            kubernetesSecret: {
                name: "proxy-config",
                namespace: "default",
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_std as std
    
    project = gcp.organizations.get_project()
    versions = gcp.container.get_attached_versions(location="us-west1",
        project=project.project_id)
    primary = gcp.container.AttachedCluster("primary",
        name="basic",
        project=project.project_id,
        location="us-west1",
        description="Test cluster",
        distribution="aks",
        annotations={
            "label-one": "value-one",
        },
        authorization=gcp.container.AttachedClusterAuthorizationArgs(
            admin_users=[
                "user1@example.com",
                "user2@example.com",
            ],
            admin_groups=[
                "group1@example.com",
                "group2@example.com",
            ],
        ),
        oidc_config=gcp.container.AttachedClusterOidcConfigArgs(
            issuer_url="https://oidc.issuer.url",
            jwks=std.base64encode(input="{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}").result,
        ),
        platform_version=versions.valid_versions[0],
        fleet=gcp.container.AttachedClusterFleetArgs(
            project=f"projects/{project.number}",
        ),
        logging_config=gcp.container.AttachedClusterLoggingConfigArgs(
            component_config=gcp.container.AttachedClusterLoggingConfigComponentConfigArgs(
                enable_components=[
                    "SYSTEM_COMPONENTS",
                    "WORKLOADS",
                ],
            ),
        ),
        monitoring_config=gcp.container.AttachedClusterMonitoringConfigArgs(
            managed_prometheus_config=gcp.container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs(
                enabled=True,
            ),
        ),
        binary_authorization=gcp.container.AttachedClusterBinaryAuthorizationArgs(
            evaluation_mode="PROJECT_SINGLETON_POLICY_ENFORCE",
        ),
        proxy_config=gcp.container.AttachedClusterProxyConfigArgs(
            kubernetes_secret=gcp.container.AttachedClusterProxyConfigKubernetesSecretArgs(
                name="proxy-config",
                namespace="default",
            ),
        ))
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.LookupProject(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		versions, err := container.GetAttachedVersions(ctx, &container.GetAttachedVersionsArgs{
    			Location: "us-west1",
    			Project:  project.ProjectId,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeBase64encode, err := std.Base64encode(ctx, &std.Base64encodeArgs{
    			Input: "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = container.NewAttachedCluster(ctx, "primary", &container.AttachedClusterArgs{
    			Name:         pulumi.String("basic"),
    			Project:      pulumi.String(project.ProjectId),
    			Location:     pulumi.String("us-west1"),
    			Description:  pulumi.String("Test cluster"),
    			Distribution: pulumi.String("aks"),
    			Annotations: pulumi.StringMap{
    				"label-one": pulumi.String("value-one"),
    			},
    			Authorization: &container.AttachedClusterAuthorizationArgs{
    				AdminUsers: pulumi.StringArray{
    					pulumi.String("user1@example.com"),
    					pulumi.String("user2@example.com"),
    				},
    				AdminGroups: pulumi.StringArray{
    					pulumi.String("group1@example.com"),
    					pulumi.String("group2@example.com"),
    				},
    			},
    			OidcConfig: &container.AttachedClusterOidcConfigArgs{
    				IssuerUrl: pulumi.String("https://oidc.issuer.url"),
    				Jwks:      invokeBase64encode.Result,
    			},
    			PlatformVersion: pulumi.String(versions.ValidVersions[0]),
    			Fleet: &container.AttachedClusterFleetArgs{
    				Project: pulumi.String(fmt.Sprintf("projects/%v", project.Number)),
    			},
    			LoggingConfig: &container.AttachedClusterLoggingConfigArgs{
    				ComponentConfig: &container.AttachedClusterLoggingConfigComponentConfigArgs{
    					EnableComponents: pulumi.StringArray{
    						pulumi.String("SYSTEM_COMPONENTS"),
    						pulumi.String("WORKLOADS"),
    					},
    				},
    			},
    			MonitoringConfig: &container.AttachedClusterMonitoringConfigArgs{
    				ManagedPrometheusConfig: &container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs{
    					Enabled: pulumi.Bool(true),
    				},
    			},
    			BinaryAuthorization: &container.AttachedClusterBinaryAuthorizationArgs{
    				EvaluationMode: pulumi.String("PROJECT_SINGLETON_POLICY_ENFORCE"),
    			},
    			ProxyConfig: &container.AttachedClusterProxyConfigArgs{
    				KubernetesSecret: &container.AttachedClusterProxyConfigKubernetesSecretArgs{
    					Name:      pulumi.String("proxy-config"),
    					Namespace: pulumi.String("default"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var project = Gcp.Organizations.GetProject.Invoke();
    
        var versions = Gcp.Container.GetAttachedVersions.Invoke(new()
        {
            Location = "us-west1",
            Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
        });
    
        var primary = new Gcp.Container.AttachedCluster("primary", new()
        {
            Name = "basic",
            Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
            Location = "us-west1",
            Description = "Test cluster",
            Distribution = "aks",
            Annotations = 
            {
                { "label-one", "value-one" },
            },
            Authorization = new Gcp.Container.Inputs.AttachedClusterAuthorizationArgs
            {
                AdminUsers = new[]
                {
                    "user1@example.com",
                    "user2@example.com",
                },
                AdminGroups = new[]
                {
                    "group1@example.com",
                    "group2@example.com",
                },
            },
            OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
            {
                IssuerUrl = "https://oidc.issuer.url",
                Jwks = Std.Base64encode.Invoke(new()
                {
                    Input = "{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}",
                }).Apply(invoke => invoke.Result),
            },
            PlatformVersion = versions.Apply(getAttachedVersionsResult => getAttachedVersionsResult.ValidVersions[0]),
            Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
            {
                Project = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}",
            },
            LoggingConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigArgs
            {
                ComponentConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigComponentConfigArgs
                {
                    EnableComponents = new[]
                    {
                        "SYSTEM_COMPONENTS",
                        "WORKLOADS",
                    },
                },
            },
            MonitoringConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigArgs
            {
                ManagedPrometheusConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs
                {
                    Enabled = true,
                },
            },
            BinaryAuthorization = new Gcp.Container.Inputs.AttachedClusterBinaryAuthorizationArgs
            {
                EvaluationMode = "PROJECT_SINGLETON_POLICY_ENFORCE",
            },
            ProxyConfig = new Gcp.Container.Inputs.AttachedClusterProxyConfigArgs
            {
                KubernetesSecret = new Gcp.Container.Inputs.AttachedClusterProxyConfigKubernetesSecretArgs
                {
                    Name = "proxy-config",
                    Namespace = "default",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.OrganizationsFunctions;
    import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
    import com.pulumi.gcp.container.ContainerFunctions;
    import com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;
    import com.pulumi.gcp.container.AttachedCluster;
    import com.pulumi.gcp.container.AttachedClusterArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterAuthorizationArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterLoggingConfigComponentConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterBinaryAuthorizationArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterProxyConfigKubernetesSecretArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var project = OrganizationsFunctions.getProject();
    
            final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()
                .location("us-west1")
                .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
                .build());
    
            var primary = new AttachedCluster("primary", AttachedClusterArgs.builder()        
                .name("basic")
                .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
                .location("us-west1")
                .description("Test cluster")
                .distribution("aks")
                .annotations(Map.of("label-one", "value-one"))
                .authorization(AttachedClusterAuthorizationArgs.builder()
                    .adminUsers(                
                        "user1@example.com",
                        "user2@example.com")
                    .adminGroups(                
                        "group1@example.com",
                        "group2@example.com")
                    .build())
                .oidcConfig(AttachedClusterOidcConfigArgs.builder()
                    .issuerUrl("https://oidc.issuer.url")
                    .jwks(StdFunctions.base64encode(Base64encodeArgs.builder()
                        .input("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}")
                        .build()).result())
                    .build())
                .platformVersion(versions.applyValue(getAttachedVersionsResult -> getAttachedVersionsResult.validVersions()[0]))
                .fleet(AttachedClusterFleetArgs.builder()
                    .project(String.format("projects/%s", project.applyValue(getProjectResult -> getProjectResult.number())))
                    .build())
                .loggingConfig(AttachedClusterLoggingConfigArgs.builder()
                    .componentConfig(AttachedClusterLoggingConfigComponentConfigArgs.builder()
                        .enableComponents(                    
                            "SYSTEM_COMPONENTS",
                            "WORKLOADS")
                        .build())
                    .build())
                .monitoringConfig(AttachedClusterMonitoringConfigArgs.builder()
                    .managedPrometheusConfig(AttachedClusterMonitoringConfigManagedPrometheusConfigArgs.builder()
                        .enabled(true)
                        .build())
                    .build())
                .binaryAuthorization(AttachedClusterBinaryAuthorizationArgs.builder()
                    .evaluationMode("PROJECT_SINGLETON_POLICY_ENFORCE")
                    .build())
                .proxyConfig(AttachedClusterProxyConfigArgs.builder()
                    .kubernetesSecret(AttachedClusterProxyConfigKubernetesSecretArgs.builder()
                        .name("proxy-config")
                        .namespace("default")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      primary:
        type: gcp:container:AttachedCluster
        properties:
          name: basic
          project: ${project.projectId}
          location: us-west1
          description: Test cluster
          distribution: aks
          annotations:
            label-one: value-one
          authorization:
            adminUsers:
              - user1@example.com
              - user2@example.com
            adminGroups:
              - group1@example.com
              - group2@example.com
          oidcConfig:
            issuerUrl: https://oidc.issuer.url
            jwks:
              fn::invoke:
                Function: std:base64encode
                Arguments:
                  input: '{"keys":[{"use":"sig","kty":"RSA","kid":"testid","alg":"RS256","n":"somedata","e":"AQAB"}]}'
                Return: result
          platformVersion: ${versions.validVersions[0]}
          fleet:
            project: projects/${project.number}
          loggingConfig:
            componentConfig:
              enableComponents:
                - SYSTEM_COMPONENTS
                - WORKLOADS
          monitoringConfig:
            managedPrometheusConfig:
              enabled: true
          binaryAuthorization:
            evaluationMode: PROJECT_SINGLETON_POLICY_ENFORCE
          proxyConfig:
            kubernetesSecret:
              name: proxy-config
              namespace: default
    variables:
      project:
        fn::invoke:
          Function: gcp:organizations:getProject
          Arguments: {}
      versions:
        fn::invoke:
          Function: gcp:container:getAttachedVersions
          Arguments:
            location: us-west1
            project: ${project.projectId}
    

    Container Attached Cluster Ignore Errors

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const project = gcp.organizations.getProject({});
    const versions = project.then(project => gcp.container.getAttachedVersions({
        location: "us-west1",
        project: project.projectId,
    }));
    const primary = new gcp.container.AttachedCluster("primary", {
        name: "basic",
        location: "us-west1",
        project: project.then(project => project.projectId),
        description: "Test cluster",
        distribution: "aks",
        oidcConfig: {
            issuerUrl: "https://oidc.issuer.url",
        },
        platformVersion: versions.then(versions => versions.validVersions?.[0]),
        fleet: {
            project: project.then(project => `projects/${project.number}`),
        },
        deletionPolicy: "DELETE_IGNORE_ERRORS",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    project = gcp.organizations.get_project()
    versions = gcp.container.get_attached_versions(location="us-west1",
        project=project.project_id)
    primary = gcp.container.AttachedCluster("primary",
        name="basic",
        location="us-west1",
        project=project.project_id,
        description="Test cluster",
        distribution="aks",
        oidc_config=gcp.container.AttachedClusterOidcConfigArgs(
            issuer_url="https://oidc.issuer.url",
        ),
        platform_version=versions.valid_versions[0],
        fleet=gcp.container.AttachedClusterFleetArgs(
            project=f"projects/{project.number}",
        ),
        deletion_policy="DELETE_IGNORE_ERRORS")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.LookupProject(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		versions, err := container.GetAttachedVersions(ctx, &container.GetAttachedVersionsArgs{
    			Location: "us-west1",
    			Project:  project.ProjectId,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = container.NewAttachedCluster(ctx, "primary", &container.AttachedClusterArgs{
    			Name:         pulumi.String("basic"),
    			Location:     pulumi.String("us-west1"),
    			Project:      pulumi.String(project.ProjectId),
    			Description:  pulumi.String("Test cluster"),
    			Distribution: pulumi.String("aks"),
    			OidcConfig: &container.AttachedClusterOidcConfigArgs{
    				IssuerUrl: pulumi.String("https://oidc.issuer.url"),
    			},
    			PlatformVersion: pulumi.String(versions.ValidVersions[0]),
    			Fleet: &container.AttachedClusterFleetArgs{
    				Project: pulumi.String(fmt.Sprintf("projects/%v", project.Number)),
    			},
    			DeletionPolicy: pulumi.String("DELETE_IGNORE_ERRORS"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var project = Gcp.Organizations.GetProject.Invoke();
    
        var versions = Gcp.Container.GetAttachedVersions.Invoke(new()
        {
            Location = "us-west1",
            Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
        });
    
        var primary = new Gcp.Container.AttachedCluster("primary", new()
        {
            Name = "basic",
            Location = "us-west1",
            Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
            Description = "Test cluster",
            Distribution = "aks",
            OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
            {
                IssuerUrl = "https://oidc.issuer.url",
            },
            PlatformVersion = versions.Apply(getAttachedVersionsResult => getAttachedVersionsResult.ValidVersions[0]),
            Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
            {
                Project = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}",
            },
            DeletionPolicy = "DELETE_IGNORE_ERRORS",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.OrganizationsFunctions;
    import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
    import com.pulumi.gcp.container.ContainerFunctions;
    import com.pulumi.gcp.container.inputs.GetAttachedVersionsArgs;
    import com.pulumi.gcp.container.AttachedCluster;
    import com.pulumi.gcp.container.AttachedClusterArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterOidcConfigArgs;
    import com.pulumi.gcp.container.inputs.AttachedClusterFleetArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var project = OrganizationsFunctions.getProject();
    
            final var versions = ContainerFunctions.getAttachedVersions(GetAttachedVersionsArgs.builder()
                .location("us-west1")
                .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
                .build());
    
            var primary = new AttachedCluster("primary", AttachedClusterArgs.builder()        
                .name("basic")
                .location("us-west1")
                .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
                .description("Test cluster")
                .distribution("aks")
                .oidcConfig(AttachedClusterOidcConfigArgs.builder()
                    .issuerUrl("https://oidc.issuer.url")
                    .build())
                .platformVersion(versions.applyValue(getAttachedVersionsResult -> getAttachedVersionsResult.validVersions()[0]))
                .fleet(AttachedClusterFleetArgs.builder()
                    .project(String.format("projects/%s", project.applyValue(getProjectResult -> getProjectResult.number())))
                    .build())
                .deletionPolicy("DELETE_IGNORE_ERRORS")
                .build());
    
        }
    }
    
    resources:
      primary:
        type: gcp:container:AttachedCluster
        properties:
          name: basic
          location: us-west1
          project: ${project.projectId}
          description: Test cluster
          distribution: aks
          oidcConfig:
            issuerUrl: https://oidc.issuer.url
          platformVersion: ${versions.validVersions[0]}
          fleet:
            project: projects/${project.number}
          deletionPolicy: DELETE_IGNORE_ERRORS
    variables:
      project:
        fn::invoke:
          Function: gcp:organizations:getProject
          Arguments: {}
      versions:
        fn::invoke:
          Function: gcp:container:getAttachedVersions
          Arguments:
            location: us-west1
            project: ${project.projectId}
    

    Create AttachedCluster Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AttachedCluster(name: string, args: AttachedClusterArgs, opts?: CustomResourceOptions);
    @overload
    def AttachedCluster(resource_name: str,
                        args: AttachedClusterArgs,
                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def AttachedCluster(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        distribution: Optional[str] = None,
                        platform_version: Optional[str] = None,
                        oidc_config: Optional[AttachedClusterOidcConfigArgs] = None,
                        location: Optional[str] = None,
                        fleet: Optional[AttachedClusterFleetArgs] = None,
                        deletion_policy: Optional[str] = None,
                        description: Optional[str] = None,
                        annotations: Optional[Mapping[str, str]] = None,
                        logging_config: Optional[AttachedClusterLoggingConfigArgs] = None,
                        monitoring_config: Optional[AttachedClusterMonitoringConfigArgs] = None,
                        name: Optional[str] = None,
                        binary_authorization: Optional[AttachedClusterBinaryAuthorizationArgs] = None,
                        authorization: Optional[AttachedClusterAuthorizationArgs] = None,
                        project: Optional[str] = None,
                        proxy_config: Optional[AttachedClusterProxyConfigArgs] = None)
    func NewAttachedCluster(ctx *Context, name string, args AttachedClusterArgs, opts ...ResourceOption) (*AttachedCluster, error)
    public AttachedCluster(string name, AttachedClusterArgs args, CustomResourceOptions? opts = null)
    public AttachedCluster(String name, AttachedClusterArgs args)
    public AttachedCluster(String name, AttachedClusterArgs args, CustomResourceOptions options)
    
    type: gcp:container:AttachedCluster
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AttachedClusterArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AttachedClusterArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AttachedClusterArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AttachedClusterArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AttachedClusterArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var attachedClusterResource = new Gcp.Container.AttachedCluster("attachedClusterResource", new()
    {
        Distribution = "string",
        PlatformVersion = "string",
        OidcConfig = new Gcp.Container.Inputs.AttachedClusterOidcConfigArgs
        {
            IssuerUrl = "string",
            Jwks = "string",
        },
        Location = "string",
        Fleet = new Gcp.Container.Inputs.AttachedClusterFleetArgs
        {
            Project = "string",
            Membership = "string",
        },
        DeletionPolicy = "string",
        Description = "string",
        Annotations = 
        {
            { "string", "string" },
        },
        LoggingConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigArgs
        {
            ComponentConfig = new Gcp.Container.Inputs.AttachedClusterLoggingConfigComponentConfigArgs
            {
                EnableComponents = new[]
                {
                    "string",
                },
            },
        },
        MonitoringConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigArgs
        {
            ManagedPrometheusConfig = new Gcp.Container.Inputs.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs
            {
                Enabled = false,
            },
        },
        Name = "string",
        BinaryAuthorization = new Gcp.Container.Inputs.AttachedClusterBinaryAuthorizationArgs
        {
            EvaluationMode = "string",
        },
        Authorization = new Gcp.Container.Inputs.AttachedClusterAuthorizationArgs
        {
            AdminGroups = new[]
            {
                "string",
            },
            AdminUsers = new[]
            {
                "string",
            },
        },
        Project = "string",
        ProxyConfig = new Gcp.Container.Inputs.AttachedClusterProxyConfigArgs
        {
            KubernetesSecret = new Gcp.Container.Inputs.AttachedClusterProxyConfigKubernetesSecretArgs
            {
                Name = "string",
                Namespace = "string",
            },
        },
    });
    
    example, err := container.NewAttachedCluster(ctx, "attachedClusterResource", &container.AttachedClusterArgs{
    	Distribution:    pulumi.String("string"),
    	PlatformVersion: pulumi.String("string"),
    	OidcConfig: &container.AttachedClusterOidcConfigArgs{
    		IssuerUrl: pulumi.String("string"),
    		Jwks:      pulumi.String("string"),
    	},
    	Location: pulumi.String("string"),
    	Fleet: &container.AttachedClusterFleetArgs{
    		Project:    pulumi.String("string"),
    		Membership: pulumi.String("string"),
    	},
    	DeletionPolicy: pulumi.String("string"),
    	Description:    pulumi.String("string"),
    	Annotations: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	LoggingConfig: &container.AttachedClusterLoggingConfigArgs{
    		ComponentConfig: &container.AttachedClusterLoggingConfigComponentConfigArgs{
    			EnableComponents: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	MonitoringConfig: &container.AttachedClusterMonitoringConfigArgs{
    		ManagedPrometheusConfig: &container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs{
    			Enabled: pulumi.Bool(false),
    		},
    	},
    	Name: pulumi.String("string"),
    	BinaryAuthorization: &container.AttachedClusterBinaryAuthorizationArgs{
    		EvaluationMode: pulumi.String("string"),
    	},
    	Authorization: &container.AttachedClusterAuthorizationArgs{
    		AdminGroups: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		AdminUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Project: pulumi.String("string"),
    	ProxyConfig: &container.AttachedClusterProxyConfigArgs{
    		KubernetesSecret: &container.AttachedClusterProxyConfigKubernetesSecretArgs{
    			Name:      pulumi.String("string"),
    			Namespace: pulumi.String("string"),
    		},
    	},
    })
    
    var attachedClusterResource = new AttachedCluster("attachedClusterResource", AttachedClusterArgs.builder()        
        .distribution("string")
        .platformVersion("string")
        .oidcConfig(AttachedClusterOidcConfigArgs.builder()
            .issuerUrl("string")
            .jwks("string")
            .build())
        .location("string")
        .fleet(AttachedClusterFleetArgs.builder()
            .project("string")
            .membership("string")
            .build())
        .deletionPolicy("string")
        .description("string")
        .annotations(Map.of("string", "string"))
        .loggingConfig(AttachedClusterLoggingConfigArgs.builder()
            .componentConfig(AttachedClusterLoggingConfigComponentConfigArgs.builder()
                .enableComponents("string")
                .build())
            .build())
        .monitoringConfig(AttachedClusterMonitoringConfigArgs.builder()
            .managedPrometheusConfig(AttachedClusterMonitoringConfigManagedPrometheusConfigArgs.builder()
                .enabled(false)
                .build())
            .build())
        .name("string")
        .binaryAuthorization(AttachedClusterBinaryAuthorizationArgs.builder()
            .evaluationMode("string")
            .build())
        .authorization(AttachedClusterAuthorizationArgs.builder()
            .adminGroups("string")
            .adminUsers("string")
            .build())
        .project("string")
        .proxyConfig(AttachedClusterProxyConfigArgs.builder()
            .kubernetesSecret(AttachedClusterProxyConfigKubernetesSecretArgs.builder()
                .name("string")
                .namespace("string")
                .build())
            .build())
        .build());
    
    attached_cluster_resource = gcp.container.AttachedCluster("attachedClusterResource",
        distribution="string",
        platform_version="string",
        oidc_config=gcp.container.AttachedClusterOidcConfigArgs(
            issuer_url="string",
            jwks="string",
        ),
        location="string",
        fleet=gcp.container.AttachedClusterFleetArgs(
            project="string",
            membership="string",
        ),
        deletion_policy="string",
        description="string",
        annotations={
            "string": "string",
        },
        logging_config=gcp.container.AttachedClusterLoggingConfigArgs(
            component_config=gcp.container.AttachedClusterLoggingConfigComponentConfigArgs(
                enable_components=["string"],
            ),
        ),
        monitoring_config=gcp.container.AttachedClusterMonitoringConfigArgs(
            managed_prometheus_config=gcp.container.AttachedClusterMonitoringConfigManagedPrometheusConfigArgs(
                enabled=False,
            ),
        ),
        name="string",
        binary_authorization=gcp.container.AttachedClusterBinaryAuthorizationArgs(
            evaluation_mode="string",
        ),
        authorization=gcp.container.AttachedClusterAuthorizationArgs(
            admin_groups=["string"],
            admin_users=["string"],
        ),
        project="string",
        proxy_config=gcp.container.AttachedClusterProxyConfigArgs(
            kubernetes_secret=gcp.container.AttachedClusterProxyConfigKubernetesSecretArgs(
                name="string",
                namespace="string",
            ),
        ))
    
    const attachedClusterResource = new gcp.container.AttachedCluster("attachedClusterResource", {
        distribution: "string",
        platformVersion: "string",
        oidcConfig: {
            issuerUrl: "string",
            jwks: "string",
        },
        location: "string",
        fleet: {
            project: "string",
            membership: "string",
        },
        deletionPolicy: "string",
        description: "string",
        annotations: {
            string: "string",
        },
        loggingConfig: {
            componentConfig: {
                enableComponents: ["string"],
            },
        },
        monitoringConfig: {
            managedPrometheusConfig: {
                enabled: false,
            },
        },
        name: "string",
        binaryAuthorization: {
            evaluationMode: "string",
        },
        authorization: {
            adminGroups: ["string"],
            adminUsers: ["string"],
        },
        project: "string",
        proxyConfig: {
            kubernetesSecret: {
                name: "string",
                namespace: "string",
            },
        },
    });
    
    type: gcp:container:AttachedCluster
    properties:
        annotations:
            string: string
        authorization:
            adminGroups:
                - string
            adminUsers:
                - string
        binaryAuthorization:
            evaluationMode: string
        deletionPolicy: string
        description: string
        distribution: string
        fleet:
            membership: string
            project: string
        location: string
        loggingConfig:
            componentConfig:
                enableComponents:
                    - string
        monitoringConfig:
            managedPrometheusConfig:
                enabled: false
        name: string
        oidcConfig:
            issuerUrl: string
            jwks: string
        platformVersion: string
        project: string
        proxyConfig:
            kubernetesSecret:
                name: string
                namespace: string
    

    AttachedCluster Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AttachedCluster resource accepts the following input properties:

    Distribution string
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    Fleet AttachedClusterFleet
    Fleet configuration. Structure is documented below.
    Location string
    The location for the resource
    OidcConfig AttachedClusterOidcConfig
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    PlatformVersion string
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    Annotations Dictionary<string, string>

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    Authorization AttachedClusterAuthorization
    Configuration related to the cluster RBAC settings. Structure is documented below.
    BinaryAuthorization AttachedClusterBinaryAuthorization
    Binary Authorization configuration. Structure is documented below.
    DeletionPolicy string
    Policy to determine what flags to send on delete.
    Description string
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    LoggingConfig AttachedClusterLoggingConfig
    Logging configuration. Structure is documented below.
    MonitoringConfig AttachedClusterMonitoringConfig
    Monitoring configuration. Structure is documented below.
    Name string
    The name of this resource.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProxyConfig AttachedClusterProxyConfig
    Support for proxy configuration. Structure is documented below.
    Distribution string
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    Fleet AttachedClusterFleetArgs
    Fleet configuration. Structure is documented below.
    Location string
    The location for the resource
    OidcConfig AttachedClusterOidcConfigArgs
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    PlatformVersion string
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    Annotations map[string]string

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    Authorization AttachedClusterAuthorizationArgs
    Configuration related to the cluster RBAC settings. Structure is documented below.
    BinaryAuthorization AttachedClusterBinaryAuthorizationArgs
    Binary Authorization configuration. Structure is documented below.
    DeletionPolicy string
    Policy to determine what flags to send on delete.
    Description string
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    LoggingConfig AttachedClusterLoggingConfigArgs
    Logging configuration. Structure is documented below.
    MonitoringConfig AttachedClusterMonitoringConfigArgs
    Monitoring configuration. Structure is documented below.
    Name string
    The name of this resource.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProxyConfig AttachedClusterProxyConfigArgs
    Support for proxy configuration. Structure is documented below.
    distribution String
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    fleet AttachedClusterFleet
    Fleet configuration. Structure is documented below.
    location String
    The location for the resource
    oidcConfig AttachedClusterOidcConfig
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platformVersion String
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    annotations Map<String,String>

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization AttachedClusterAuthorization
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binaryAuthorization AttachedClusterBinaryAuthorization
    Binary Authorization configuration. Structure is documented below.
    deletionPolicy String
    Policy to determine what flags to send on delete.
    description String
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    loggingConfig AttachedClusterLoggingConfig
    Logging configuration. Structure is documented below.
    monitoringConfig AttachedClusterMonitoringConfig
    Monitoring configuration. Structure is documented below.
    name String
    The name of this resource.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxyConfig AttachedClusterProxyConfig
    Support for proxy configuration. Structure is documented below.
    distribution string
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    fleet AttachedClusterFleet
    Fleet configuration. Structure is documented below.
    location string
    The location for the resource
    oidcConfig AttachedClusterOidcConfig
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platformVersion string
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    annotations {[key: string]: string}

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization AttachedClusterAuthorization
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binaryAuthorization AttachedClusterBinaryAuthorization
    Binary Authorization configuration. Structure is documented below.
    deletionPolicy string
    Policy to determine what flags to send on delete.
    description string
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    loggingConfig AttachedClusterLoggingConfig
    Logging configuration. Structure is documented below.
    monitoringConfig AttachedClusterMonitoringConfig
    Monitoring configuration. Structure is documented below.
    name string
    The name of this resource.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxyConfig AttachedClusterProxyConfig
    Support for proxy configuration. Structure is documented below.
    distribution str
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    fleet AttachedClusterFleetArgs
    Fleet configuration. Structure is documented below.
    location str
    The location for the resource
    oidc_config AttachedClusterOidcConfigArgs
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platform_version str
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    annotations Mapping[str, str]

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization AttachedClusterAuthorizationArgs
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binary_authorization AttachedClusterBinaryAuthorizationArgs
    Binary Authorization configuration. Structure is documented below.
    deletion_policy str
    Policy to determine what flags to send on delete.
    description str
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    logging_config AttachedClusterLoggingConfigArgs
    Logging configuration. Structure is documented below.
    monitoring_config AttachedClusterMonitoringConfigArgs
    Monitoring configuration. Structure is documented below.
    name str
    The name of this resource.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxy_config AttachedClusterProxyConfigArgs
    Support for proxy configuration. Structure is documented below.
    distribution String
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    fleet Property Map
    Fleet configuration. Structure is documented below.
    location String
    The location for the resource
    oidcConfig Property Map
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platformVersion String
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    annotations Map<String>

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization Property Map
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binaryAuthorization Property Map
    Binary Authorization configuration. Structure is documented below.
    deletionPolicy String
    Policy to determine what flags to send on delete.
    description String
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    loggingConfig Property Map
    Logging configuration. Structure is documented below.
    monitoringConfig Property Map
    Monitoring configuration. Structure is documented below.
    name String
    The name of this resource.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxyConfig Property Map
    Support for proxy configuration. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AttachedCluster resource produces the following output properties:

    ClusterRegion string
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    CreateTime string
    Output only. The time at which this cluster was created.
    EffectiveAnnotations Dictionary<string, string>
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    Errors List<AttachedClusterError>
    A set of errors found in the cluster. Structure is documented below.
    Id string
    The provider-assigned unique ID for this managed resource.
    KubernetesVersion string
    The Kubernetes version of the cluster.
    Reconciling bool
    If set, there are currently changes in flight to the cluster.
    State string
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    Uid string
    A globally unique identifier for the cluster.
    UpdateTime string
    The time at which this cluster was last updated.
    WorkloadIdentityConfigs List<AttachedClusterWorkloadIdentityConfig>
    Workload Identity settings. Structure is documented below.
    ClusterRegion string
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    CreateTime string
    Output only. The time at which this cluster was created.
    EffectiveAnnotations map[string]string
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    Errors []AttachedClusterError
    A set of errors found in the cluster. Structure is documented below.
    Id string
    The provider-assigned unique ID for this managed resource.
    KubernetesVersion string
    The Kubernetes version of the cluster.
    Reconciling bool
    If set, there are currently changes in flight to the cluster.
    State string
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    Uid string
    A globally unique identifier for the cluster.
    UpdateTime string
    The time at which this cluster was last updated.
    WorkloadIdentityConfigs []AttachedClusterWorkloadIdentityConfig
    Workload Identity settings. Structure is documented below.
    clusterRegion String
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    createTime String
    Output only. The time at which this cluster was created.
    effectiveAnnotations Map<String,String>
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors List<AttachedClusterError>
    A set of errors found in the cluster. Structure is documented below.
    id String
    The provider-assigned unique ID for this managed resource.
    kubernetesVersion String
    The Kubernetes version of the cluster.
    reconciling Boolean
    If set, there are currently changes in flight to the cluster.
    state String
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid String
    A globally unique identifier for the cluster.
    updateTime String
    The time at which this cluster was last updated.
    workloadIdentityConfigs List<AttachedClusterWorkloadIdentityConfig>
    Workload Identity settings. Structure is documented below.
    clusterRegion string
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    createTime string
    Output only. The time at which this cluster was created.
    effectiveAnnotations {[key: string]: string}
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors AttachedClusterError[]
    A set of errors found in the cluster. Structure is documented below.
    id string
    The provider-assigned unique ID for this managed resource.
    kubernetesVersion string
    The Kubernetes version of the cluster.
    reconciling boolean
    If set, there are currently changes in flight to the cluster.
    state string
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid string
    A globally unique identifier for the cluster.
    updateTime string
    The time at which this cluster was last updated.
    workloadIdentityConfigs AttachedClusterWorkloadIdentityConfig[]
    Workload Identity settings. Structure is documented below.
    cluster_region str
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    create_time str
    Output only. The time at which this cluster was created.
    effective_annotations Mapping[str, str]
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors Sequence[AttachedClusterError]
    A set of errors found in the cluster. Structure is documented below.
    id str
    The provider-assigned unique ID for this managed resource.
    kubernetes_version str
    The Kubernetes version of the cluster.
    reconciling bool
    If set, there are currently changes in flight to the cluster.
    state str
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid str
    A globally unique identifier for the cluster.
    update_time str
    The time at which this cluster was last updated.
    workload_identity_configs Sequence[AttachedClusterWorkloadIdentityConfig]
    Workload Identity settings. Structure is documented below.
    clusterRegion String
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    createTime String
    Output only. The time at which this cluster was created.
    effectiveAnnotations Map<String>
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors List<Property Map>
    A set of errors found in the cluster. Structure is documented below.
    id String
    The provider-assigned unique ID for this managed resource.
    kubernetesVersion String
    The Kubernetes version of the cluster.
    reconciling Boolean
    If set, there are currently changes in flight to the cluster.
    state String
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid String
    A globally unique identifier for the cluster.
    updateTime String
    The time at which this cluster was last updated.
    workloadIdentityConfigs List<Property Map>
    Workload Identity settings. Structure is documented below.

    Look up Existing AttachedCluster Resource

    Get an existing AttachedCluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AttachedClusterState, opts?: CustomResourceOptions): AttachedCluster
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            annotations: Optional[Mapping[str, str]] = None,
            authorization: Optional[AttachedClusterAuthorizationArgs] = None,
            binary_authorization: Optional[AttachedClusterBinaryAuthorizationArgs] = None,
            cluster_region: Optional[str] = None,
            create_time: Optional[str] = None,
            deletion_policy: Optional[str] = None,
            description: Optional[str] = None,
            distribution: Optional[str] = None,
            effective_annotations: Optional[Mapping[str, str]] = None,
            errors: Optional[Sequence[AttachedClusterErrorArgs]] = None,
            fleet: Optional[AttachedClusterFleetArgs] = None,
            kubernetes_version: Optional[str] = None,
            location: Optional[str] = None,
            logging_config: Optional[AttachedClusterLoggingConfigArgs] = None,
            monitoring_config: Optional[AttachedClusterMonitoringConfigArgs] = None,
            name: Optional[str] = None,
            oidc_config: Optional[AttachedClusterOidcConfigArgs] = None,
            platform_version: Optional[str] = None,
            project: Optional[str] = None,
            proxy_config: Optional[AttachedClusterProxyConfigArgs] = None,
            reconciling: Optional[bool] = None,
            state: Optional[str] = None,
            uid: Optional[str] = None,
            update_time: Optional[str] = None,
            workload_identity_configs: Optional[Sequence[AttachedClusterWorkloadIdentityConfigArgs]] = None) -> AttachedCluster
    func GetAttachedCluster(ctx *Context, name string, id IDInput, state *AttachedClusterState, opts ...ResourceOption) (*AttachedCluster, error)
    public static AttachedCluster Get(string name, Input<string> id, AttachedClusterState? state, CustomResourceOptions? opts = null)
    public static AttachedCluster get(String name, Output<String> id, AttachedClusterState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Annotations Dictionary<string, string>

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    Authorization AttachedClusterAuthorization
    Configuration related to the cluster RBAC settings. Structure is documented below.
    BinaryAuthorization AttachedClusterBinaryAuthorization
    Binary Authorization configuration. Structure is documented below.
    ClusterRegion string
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    CreateTime string
    Output only. The time at which this cluster was created.
    DeletionPolicy string
    Policy to determine what flags to send on delete.
    Description string
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    Distribution string
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    EffectiveAnnotations Dictionary<string, string>
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    Errors List<AttachedClusterError>
    A set of errors found in the cluster. Structure is documented below.
    Fleet AttachedClusterFleet
    Fleet configuration. Structure is documented below.
    KubernetesVersion string
    The Kubernetes version of the cluster.
    Location string
    The location for the resource
    LoggingConfig AttachedClusterLoggingConfig
    Logging configuration. Structure is documented below.
    MonitoringConfig AttachedClusterMonitoringConfig
    Monitoring configuration. Structure is documented below.
    Name string
    The name of this resource.
    OidcConfig AttachedClusterOidcConfig
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    PlatformVersion string
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProxyConfig AttachedClusterProxyConfig
    Support for proxy configuration. Structure is documented below.
    Reconciling bool
    If set, there are currently changes in flight to the cluster.
    State string
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    Uid string
    A globally unique identifier for the cluster.
    UpdateTime string
    The time at which this cluster was last updated.
    WorkloadIdentityConfigs List<AttachedClusterWorkloadIdentityConfig>
    Workload Identity settings. Structure is documented below.
    Annotations map[string]string

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    Authorization AttachedClusterAuthorizationArgs
    Configuration related to the cluster RBAC settings. Structure is documented below.
    BinaryAuthorization AttachedClusterBinaryAuthorizationArgs
    Binary Authorization configuration. Structure is documented below.
    ClusterRegion string
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    CreateTime string
    Output only. The time at which this cluster was created.
    DeletionPolicy string
    Policy to determine what flags to send on delete.
    Description string
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    Distribution string
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    EffectiveAnnotations map[string]string
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    Errors []AttachedClusterErrorArgs
    A set of errors found in the cluster. Structure is documented below.
    Fleet AttachedClusterFleetArgs
    Fleet configuration. Structure is documented below.
    KubernetesVersion string
    The Kubernetes version of the cluster.
    Location string
    The location for the resource
    LoggingConfig AttachedClusterLoggingConfigArgs
    Logging configuration. Structure is documented below.
    MonitoringConfig AttachedClusterMonitoringConfigArgs
    Monitoring configuration. Structure is documented below.
    Name string
    The name of this resource.
    OidcConfig AttachedClusterOidcConfigArgs
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    PlatformVersion string
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProxyConfig AttachedClusterProxyConfigArgs
    Support for proxy configuration. Structure is documented below.
    Reconciling bool
    If set, there are currently changes in flight to the cluster.
    State string
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    Uid string
    A globally unique identifier for the cluster.
    UpdateTime string
    The time at which this cluster was last updated.
    WorkloadIdentityConfigs []AttachedClusterWorkloadIdentityConfigArgs
    Workload Identity settings. Structure is documented below.
    annotations Map<String,String>

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization AttachedClusterAuthorization
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binaryAuthorization AttachedClusterBinaryAuthorization
    Binary Authorization configuration. Structure is documented below.
    clusterRegion String
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    createTime String
    Output only. The time at which this cluster was created.
    deletionPolicy String
    Policy to determine what flags to send on delete.
    description String
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    distribution String
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    effectiveAnnotations Map<String,String>
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors List<AttachedClusterError>
    A set of errors found in the cluster. Structure is documented below.
    fleet AttachedClusterFleet
    Fleet configuration. Structure is documented below.
    kubernetesVersion String
    The Kubernetes version of the cluster.
    location String
    The location for the resource
    loggingConfig AttachedClusterLoggingConfig
    Logging configuration. Structure is documented below.
    monitoringConfig AttachedClusterMonitoringConfig
    Monitoring configuration. Structure is documented below.
    name String
    The name of this resource.
    oidcConfig AttachedClusterOidcConfig
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platformVersion String
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxyConfig AttachedClusterProxyConfig
    Support for proxy configuration. Structure is documented below.
    reconciling Boolean
    If set, there are currently changes in flight to the cluster.
    state String
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid String
    A globally unique identifier for the cluster.
    updateTime String
    The time at which this cluster was last updated.
    workloadIdentityConfigs List<AttachedClusterWorkloadIdentityConfig>
    Workload Identity settings. Structure is documented below.
    annotations {[key: string]: string}

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization AttachedClusterAuthorization
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binaryAuthorization AttachedClusterBinaryAuthorization
    Binary Authorization configuration. Structure is documented below.
    clusterRegion string
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    createTime string
    Output only. The time at which this cluster was created.
    deletionPolicy string
    Policy to determine what flags to send on delete.
    description string
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    distribution string
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    effectiveAnnotations {[key: string]: string}
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors AttachedClusterError[]
    A set of errors found in the cluster. Structure is documented below.
    fleet AttachedClusterFleet
    Fleet configuration. Structure is documented below.
    kubernetesVersion string
    The Kubernetes version of the cluster.
    location string
    The location for the resource
    loggingConfig AttachedClusterLoggingConfig
    Logging configuration. Structure is documented below.
    monitoringConfig AttachedClusterMonitoringConfig
    Monitoring configuration. Structure is documented below.
    name string
    The name of this resource.
    oidcConfig AttachedClusterOidcConfig
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platformVersion string
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxyConfig AttachedClusterProxyConfig
    Support for proxy configuration. Structure is documented below.
    reconciling boolean
    If set, there are currently changes in flight to the cluster.
    state string
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid string
    A globally unique identifier for the cluster.
    updateTime string
    The time at which this cluster was last updated.
    workloadIdentityConfigs AttachedClusterWorkloadIdentityConfig[]
    Workload Identity settings. Structure is documented below.
    annotations Mapping[str, str]

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization AttachedClusterAuthorizationArgs
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binary_authorization AttachedClusterBinaryAuthorizationArgs
    Binary Authorization configuration. Structure is documented below.
    cluster_region str
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    create_time str
    Output only. The time at which this cluster was created.
    deletion_policy str
    Policy to determine what flags to send on delete.
    description str
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    distribution str
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    effective_annotations Mapping[str, str]
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors Sequence[AttachedClusterErrorArgs]
    A set of errors found in the cluster. Structure is documented below.
    fleet AttachedClusterFleetArgs
    Fleet configuration. Structure is documented below.
    kubernetes_version str
    The Kubernetes version of the cluster.
    location str
    The location for the resource
    logging_config AttachedClusterLoggingConfigArgs
    Logging configuration. Structure is documented below.
    monitoring_config AttachedClusterMonitoringConfigArgs
    Monitoring configuration. Structure is documented below.
    name str
    The name of this resource.
    oidc_config AttachedClusterOidcConfigArgs
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platform_version str
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxy_config AttachedClusterProxyConfigArgs
    Support for proxy configuration. Structure is documented below.
    reconciling bool
    If set, there are currently changes in flight to the cluster.
    state str
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid str
    A globally unique identifier for the cluster.
    update_time str
    The time at which this cluster was last updated.
    workload_identity_configs Sequence[AttachedClusterWorkloadIdentityConfigArgs]
    Workload Identity settings. Structure is documented below.
    annotations Map<String>

    Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.

    Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.

    authorization Property Map
    Configuration related to the cluster RBAC settings. Structure is documented below.
    binaryAuthorization Property Map
    Binary Authorization configuration. Structure is documented below.
    clusterRegion String
    Output only. The region where this cluster runs. For EKS clusters, this is an AWS region. For AKS clusters, this is an Azure region.
    createTime String
    Output only. The time at which this cluster was created.
    deletionPolicy String
    Policy to determine what flags to send on delete.
    description String
    A human readable description of this attached cluster. Cannot be longer than 255 UTF-8 encoded bytes.
    distribution String
    The Kubernetes distribution of the underlying attached cluster. Supported values: "eks", "aks".
    effectiveAnnotations Map<String>
    All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
    errors List<Property Map>
    A set of errors found in the cluster. Structure is documented below.
    fleet Property Map
    Fleet configuration. Structure is documented below.
    kubernetesVersion String
    The Kubernetes version of the cluster.
    location String
    The location for the resource
    loggingConfig Property Map
    Logging configuration. Structure is documented below.
    monitoringConfig Property Map
    Monitoring configuration. Structure is documented below.
    name String
    The name of this resource.
    oidcConfig Property Map
    OIDC discovery information of the target cluster. Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster API server. This fields indicates how GCP services validate KSA tokens in order to allow system workloads (such as GKE Connect and telemetry agents) to authenticate back to GCP. Both clusters with public and private issuer URLs are supported. Clusters with public issuers only need to specify the issuer_url field while clusters with private issuers need to provide both issuer_url and jwks. Structure is documented below.
    platformVersion String
    The platform version for the cluster (e.g. 1.23.0-gke.1).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    proxyConfig Property Map
    Support for proxy configuration. Structure is documented below.
    reconciling Boolean
    If set, there are currently changes in flight to the cluster.
    state String
    The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED
    uid String
    A globally unique identifier for the cluster.
    updateTime String
    The time at which this cluster was last updated.
    workloadIdentityConfigs List<Property Map>
    Workload Identity settings. Structure is documented below.

    Supporting Types

    AttachedClusterAuthorization, AttachedClusterAuthorizationArgs

    AdminGroups List<string>
    Groups that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    AdminUsers List<string>
    Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    AdminGroups []string
    Groups that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    AdminUsers []string
    Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    adminGroups List<String>
    Groups that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    adminUsers List<String>
    Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    adminGroups string[]
    Groups that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    adminUsers string[]
    Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    admin_groups Sequence[str]
    Groups that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    admin_users Sequence[str]
    Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    adminGroups List<String>
    Groups that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
    adminUsers List<String>
    Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles

    AttachedClusterBinaryAuthorization, AttachedClusterBinaryAuthorizationArgs

    EvaluationMode string
    Configure Binary Authorization evaluation mode. Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE.
    EvaluationMode string
    Configure Binary Authorization evaluation mode. Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE.
    evaluationMode String
    Configure Binary Authorization evaluation mode. Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE.
    evaluationMode string
    Configure Binary Authorization evaluation mode. Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE.
    evaluation_mode str
    Configure Binary Authorization evaluation mode. Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE.
    evaluationMode String
    Configure Binary Authorization evaluation mode. Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE.

    AttachedClusterError, AttachedClusterErrorArgs

    Message string
    Human-friendly description of the error.
    Message string
    Human-friendly description of the error.
    message String
    Human-friendly description of the error.
    message string
    Human-friendly description of the error.
    message str
    Human-friendly description of the error.
    message String
    Human-friendly description of the error.

    AttachedClusterFleet, AttachedClusterFleetArgs

    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Membership string
    (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Membership string
    (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    membership String
    (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    membership string
    (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    membership str
    (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    membership String
    (Output) The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects//locations/global/membership/.

    AttachedClusterLoggingConfig, AttachedClusterLoggingConfigArgs

    ComponentConfig AttachedClusterLoggingConfigComponentConfig
    The configuration of the logging components Structure is documented below.
    ComponentConfig AttachedClusterLoggingConfigComponentConfig
    The configuration of the logging components Structure is documented below.
    componentConfig AttachedClusterLoggingConfigComponentConfig
    The configuration of the logging components Structure is documented below.
    componentConfig AttachedClusterLoggingConfigComponentConfig
    The configuration of the logging components Structure is documented below.
    component_config AttachedClusterLoggingConfigComponentConfig
    The configuration of the logging components Structure is documented below.
    componentConfig Property Map
    The configuration of the logging components Structure is documented below.

    AttachedClusterLoggingConfigComponentConfig, AttachedClusterLoggingConfigComponentConfigArgs

    EnableComponents List<string>
    The components to be enabled. Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS.
    EnableComponents []string
    The components to be enabled. Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS.
    enableComponents List<String>
    The components to be enabled. Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS.
    enableComponents string[]
    The components to be enabled. Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS.
    enable_components Sequence[str]
    The components to be enabled. Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS.
    enableComponents List<String>
    The components to be enabled. Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS.

    AttachedClusterMonitoringConfig, AttachedClusterMonitoringConfigArgs

    ManagedPrometheusConfig AttachedClusterMonitoringConfigManagedPrometheusConfig
    Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
    ManagedPrometheusConfig AttachedClusterMonitoringConfigManagedPrometheusConfig
    Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
    managedPrometheusConfig AttachedClusterMonitoringConfigManagedPrometheusConfig
    Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
    managedPrometheusConfig AttachedClusterMonitoringConfigManagedPrometheusConfig
    Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
    managed_prometheus_config AttachedClusterMonitoringConfigManagedPrometheusConfig
    Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.
    managedPrometheusConfig Property Map
    Enable Google Cloud Managed Service for Prometheus in the cluster. Structure is documented below.

    AttachedClusterMonitoringConfigManagedPrometheusConfig, AttachedClusterMonitoringConfigManagedPrometheusConfigArgs

    Enabled bool
    Enable Managed Collection.
    Enabled bool
    Enable Managed Collection.
    enabled Boolean
    Enable Managed Collection.
    enabled boolean
    Enable Managed Collection.
    enabled bool
    Enable Managed Collection.
    enabled Boolean
    Enable Managed Collection.

    AttachedClusterOidcConfig, AttachedClusterOidcConfigArgs

    IssuerUrl string
    A JSON Web Token (JWT) issuer URI. issuer must start with https://
    Jwks string
    OIDC verification keys in JWKS format (RFC 7517).
    IssuerUrl string
    A JSON Web Token (JWT) issuer URI. issuer must start with https://
    Jwks string
    OIDC verification keys in JWKS format (RFC 7517).
    issuerUrl String
    A JSON Web Token (JWT) issuer URI. issuer must start with https://
    jwks String
    OIDC verification keys in JWKS format (RFC 7517).
    issuerUrl string
    A JSON Web Token (JWT) issuer URI. issuer must start with https://
    jwks string
    OIDC verification keys in JWKS format (RFC 7517).
    issuer_url str
    A JSON Web Token (JWT) issuer URI. issuer must start with https://
    jwks str
    OIDC verification keys in JWKS format (RFC 7517).
    issuerUrl String
    A JSON Web Token (JWT) issuer URI. issuer must start with https://
    jwks String
    OIDC verification keys in JWKS format (RFC 7517).

    AttachedClusterProxyConfig, AttachedClusterProxyConfigArgs

    KubernetesSecret AttachedClusterProxyConfigKubernetesSecret
    The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
    KubernetesSecret AttachedClusterProxyConfigKubernetesSecret
    The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
    kubernetesSecret AttachedClusterProxyConfigKubernetesSecret
    The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
    kubernetesSecret AttachedClusterProxyConfigKubernetesSecret
    The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
    kubernetes_secret AttachedClusterProxyConfigKubernetesSecret
    The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.
    kubernetesSecret Property Map
    The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. Structure is documented below.

    AttachedClusterProxyConfigKubernetesSecret, AttachedClusterProxyConfigKubernetesSecretArgs

    Name string
    Name of the kubernetes secret containing the proxy config.
    Namespace string
    Namespace of the kubernetes secret containing the proxy config.
    Name string
    Name of the kubernetes secret containing the proxy config.
    Namespace string
    Namespace of the kubernetes secret containing the proxy config.
    name String
    Name of the kubernetes secret containing the proxy config.
    namespace String
    Namespace of the kubernetes secret containing the proxy config.
    name string
    Name of the kubernetes secret containing the proxy config.
    namespace string
    Namespace of the kubernetes secret containing the proxy config.
    name str
    Name of the kubernetes secret containing the proxy config.
    namespace str
    Namespace of the kubernetes secret containing the proxy config.
    name String
    Name of the kubernetes secret containing the proxy config.
    namespace String
    Namespace of the kubernetes secret containing the proxy config.

    AttachedClusterWorkloadIdentityConfig, AttachedClusterWorkloadIdentityConfigArgs

    IdentityProvider string
    The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
    IssuerUri string
    The OIDC issuer URL for this cluster.
    WorkloadPool string
    The Workload Identity Pool associated to the cluster.
    IdentityProvider string
    The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
    IssuerUri string
    The OIDC issuer URL for this cluster.
    WorkloadPool string
    The Workload Identity Pool associated to the cluster.
    identityProvider String
    The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
    issuerUri String
    The OIDC issuer URL for this cluster.
    workloadPool String
    The Workload Identity Pool associated to the cluster.
    identityProvider string
    The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
    issuerUri string
    The OIDC issuer URL for this cluster.
    workloadPool string
    The Workload Identity Pool associated to the cluster.
    identity_provider str
    The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
    issuer_uri str
    The OIDC issuer URL for this cluster.
    workload_pool str
    The Workload Identity Pool associated to the cluster.
    identityProvider String
    The ID of the OIDC Identity Provider (IdP) associated to the Workload Identity Pool.
    issuerUri String
    The OIDC issuer URL for this cluster.
    workloadPool String
    The Workload Identity Pool associated to the cluster.

    Import

    Cluster can be imported using any of these accepted formats:

    • projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}

    • {{project}}/{{location}}/{{name}}

    • {{location}}/{{name}}

    When using the pulumi import command, Cluster can be imported using one of the formats above. For example:

    $ pulumi import gcp:container/attachedCluster:AttachedCluster default projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}
    
    $ pulumi import gcp:container/attachedCluster:AttachedCluster default {{project}}/{{location}}/{{name}}
    
    $ pulumi import gcp:container/attachedCluster:AttachedCluster default {{location}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi