Google Cloud (GCP) Classic

v6.39.0 published on Wednesday, Sep 28, 2022 by Pulumi

Cluster

Manages a Google Kubernetes Engine (GKE) cluster. For more information see the official documentation and the API reference.

Warning: All arguments and attributes, including basic auth usernames and passwords as well as certificate outputs, will be stored in the raw state as plaintext. Read more about secrets in state.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() =>
{
    // Dedicated service account for the nodes. The node pool below requests the broad
    // cloud-platform scope, so what the nodes can reach is governed by the IAM roles
    // granted to this account; no roles are granted in this example.
    var nodeServiceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        DisplayName = "Service Account",
        AccountId = "service-account-id",
    });

    // A cluster cannot be created without a node pool, but only separately managed
    // node pools are wanted here, so the smallest possible default pool is created
    // and immediately deleted.
    var cluster = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        InitialNodeCount = 1,
        RemoveDefaultNodePool = true,
        Location = "us-central1",
    });

    // Node settings for the separately managed pool: preemptible e2-medium machines
    // running as the service account declared above.
    var preemptibleNodeConfig = new Gcp.Container.Inputs.NodePoolNodeConfigArgs
    {
        ServiceAccount = nodeServiceAccount.Email,
        OauthScopes = new[]
        {
            "https://www.googleapis.com/auth/cloud-platform",
        },
        MachineType = "e2-medium",
        Preemptible = true,
    };

    var preemptiblePool = new Gcp.Container.NodePool("primaryPreemptibleNodes", new Gcp.Container.NodePoolArgs
    {
        Cluster = cluster.Name,
        Location = "us-central1",
        NodeCount = 1,
        NodeConfig = preemptibleNodeConfig,
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/container"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

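// main declares a node service account, a GKE cluster whose default node pool
// is removed, and a separately managed preemptible node pool that runs as that
// service account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the account in a variable: the node pool below reads its Email
		// output. The generated example discarded it with `_` and then referred
		// to an undeclared `_default`, which does not compile.
		nodeAccount, err := serviceAccount.NewAccount(ctx, "default", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		})
		if err != nil {
			return err
		}
		// A cluster cannot be created without a node pool, but only separately
		// managed node pools are wanted here, so the smallest possible default
		// pool is created and immediately deleted.
		primary, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
			Location:              pulumi.String("us-central1"),
			RemoveDefaultNodePool: pulumi.Bool(true),
			InitialNodeCount:      pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		_, err = container.NewNodePool(ctx, "primaryPreemptibleNodes", &container.NodePoolArgs{
			Location:  pulumi.String("us-central1"),
			Cluster:   primary.Name,
			NodeCount: pulumi.Int(1),
			NodeConfig: &container.NodePoolNodeConfigArgs{
				Preemptible: pulumi.Bool(true),
				MachineType: pulumi.String("e2-medium"),
				// The nodes run as the dedicated account. With the broad
				// cloud-platform scope, access is governed by the IAM roles
				// granted to that account; none are granted in this example.
				ServiceAccount: nodeAccount.Email,
				OauthScopes: pulumi.StringArray{
					pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}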
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.container.NodePool;
import com.pulumi.gcp.container.NodePoolArgs;
import com.pulumi.gcp.container.inputs.NodePoolNodeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program declaring a node service account, a GKE cluster whose default
 * node pool is removed, and a separately managed preemptible node pool.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Dedicated service account for the nodes. The node pool requests the broad
        // cloud-platform scope, so access is governed by the IAM roles granted to
        // this account; no roles are granted in this example.
        final var accountArgs = AccountArgs.builder()
            .accountId("service-account-id")
            .displayName("Service Account")
            .build();
        final var nodeServiceAccount = new Account("default", accountArgs);

        // A cluster cannot be created without a node pool, but only separately
        // managed node pools are wanted here, so the smallest possible default
        // pool is created and immediately deleted.
        final var clusterArgs = ClusterArgs.builder()
            .location("us-central1")
            .removeDefaultNodePool(true)
            .initialNodeCount(1)
            .build();
        final var cluster = new Cluster("primary", clusterArgs);

        // Preemptible e2-medium nodes running as the account declared above.
        final var preemptibleNodeConfig = NodePoolNodeConfigArgs.builder()
            .preemptible(true)
            .machineType("e2-medium")
            .serviceAccount(nodeServiceAccount.email())
            .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
            .build();

        final var preemptiblePool = new NodePool("primaryPreemptibleNodes", NodePoolArgs.builder()
            .location("us-central1")
            .cluster(cluster.name())
            .nodeCount(1)
            .nodeConfig(preemptibleNodeConfig)
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

# Dedicated service account for the nodes. The node pool requests the broad
# cloud-platform scope, so access is governed by the IAM roles granted to this
# account; no roles are granted in this example.
node_service_account = gcp.service_account.Account(
    "default",
    account_id="service-account-id",
    display_name="Service Account",
)

# A cluster cannot be created without a node pool, but only separately managed
# node pools are wanted here, so the smallest possible default pool is created
# and immediately deleted.
cluster = gcp.container.Cluster(
    "primary",
    location="us-central1",
    remove_default_node_pool=True,
    initial_node_count=1,
)

# Preemptible e2-medium nodes running as the account declared above.
preemptible_node_config = gcp.container.NodePoolNodeConfigArgs(
    preemptible=True,
    machine_type="e2-medium",
    service_account=node_service_account.email,
    oauth_scopes=["https://www.googleapis.com/auth/cloud-platform"],
)

preemptible_pool = gcp.container.NodePool(
    "primaryPreemptibleNodes",
    location="us-central1",
    cluster=cluster.name,
    node_count=1,
    node_config=preemptible_node_config,
)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Dedicated service account for the nodes. The node pool requests the broad
// cloud-platform scope, so access is governed by the IAM roles granted to this
// account; no roles are granted in this example.
const nodeServiceAccount = new gcp.serviceaccount.Account("default", {
    displayName: "Service Account",
    accountId: "service-account-id",
});

// A cluster cannot be created without a node pool, but only separately managed
// node pools are wanted here, so the smallest possible default pool is created
// and immediately deleted.
const cluster = new gcp.container.Cluster("primary", {
    initialNodeCount: 1,
    removeDefaultNodePool: true,
    location: "us-central1",
});

// Preemptible e2-medium nodes running as the account declared above.
const preemptibleNodeConfig = {
    serviceAccount: nodeServiceAccount.email,
    oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
    machineType: "e2-medium",
    preemptible: true,
};

const preemptiblePool = new gcp.container.NodePool("primaryPreemptibleNodes", {
    cluster: cluster.name,
    location: "us-central1",
    nodeCount: 1,
    nodeConfig: preemptibleNodeConfig,
});
# Declares a node service account, a GKE cluster whose default node pool is
# removed, and a separately managed preemptible node pool.
resources:
  # Dedicated service account that the node pool below runs as.
  default:
    type: gcp:serviceAccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  primary:
    type: gcp:container:Cluster
    properties:
      location: us-central1
      # We can't create a cluster with no node pool defined, but we want to only use
      # separately managed node pools. So we create the smallest possible default
      # node pool and immediately delete it.
      removeDefaultNodePool: true
      initialNodeCount: 1
  primaryPreemptibleNodes:
    type: gcp:container:NodePool
    properties:
      location: us-central1
      cluster: ${primary.name}
      nodeCount: 1
      nodeConfig:
        preemptible: true
        machineType: e2-medium
        # The nodes run as the dedicated account. With the broad cloud-platform
        # scope, access is governed by the IAM roles granted to that account;
        # none are granted in this example.
        serviceAccount: ${default.email}
        oauthScopes:
          - https://www.googleapis.com/auth/cloud-platform

With The Default Node Pool

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.container.inputs.ClusterNodeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

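/**
 * Pulumi program declaring a node service account and a zonal GKE cluster that
 * keeps its default node pool.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Dedicated service account for the default node pool. The node config
        // requests the broad cloud-platform scope, so access is governed by the
        // IAM roles granted to this account; no roles are granted in this example.
        var default_ = new Account("default", AccountArgs.builder()
            .accountId("service-account-id")
            .displayName("Service Account")
            .build());

        // The generated listing contained a ".timeouts(%!v(PANIC=...))" call here:
        // a code-generator failure, not valid Java. It is dropped, so this variant
        // sets no custom timeouts (the YAML variant of this example shows
        // create: 30m and update: 40m).
        var primary = new Cluster("primary", ClusterArgs.builder()
            .location("us-central1-a")
            .initialNodeCount(3)
            .nodeConfig(ClusterNodeConfigArgs.builder()
                .serviceAccount(default_.email())
                .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
                .labels(Map.of("foo", "bar"))
                .tags(
                    "foo",
                    "bar")
                .build())
            .build());

    }
}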

Coming soon!

Coming soon!

# Declares a node service account and a zonal GKE cluster that keeps its
# default node pool.
resources:
  # Dedicated service account that the default node pool runs as.
  default:
    type: gcp:serviceAccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  primary:
    type: gcp:container:Cluster
    properties:
      location: us-central1-a
      initialNodeCount: 3
      nodeConfig:
        # With the broad cloud-platform scope, access is governed by the IAM
        # roles granted to the account; none are granted in this example.
        serviceAccount: ${default.email}
        oauthScopes:
          - https://www.googleapis.com/auth/cloud-platform
        labels:
          foo: bar
        tags:
          - foo
          - bar
      # NOTE(review): `timeouts` is not among the Cluster input properties listed
      # on this page; confirm whether these values belong under the resource's
      # options instead of its properties.
      timeouts:
        - create: 30m
          update: 40m

Autopilot

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() =>
{
    // This service account is declared but not referenced by the cluster below.
    var serviceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        DisplayName = "Service Account",
        AccountId = "service-account-id",
    });

    // Autopilot cluster: no node pool or node configuration is declared here.
    var autopilotCluster = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        Location = "us-central1-a",
        EnableAutopilot = true,
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/container"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a service account and an Autopilot GKE cluster.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The account is declared but not referenced by the cluster below, so
		// its handle is discarded.
		accountArgs := &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		}
		if _, err := serviceAccount.NewAccount(ctx, "default", accountArgs); err != nil {
			return err
		}

		// Autopilot cluster: no node pool or node configuration is declared here.
		clusterArgs := &container.ClusterArgs{
			EnableAutopilot: pulumi.Bool(true),
			Location:        pulumi.String("us-central1-a"),
		}
		_, err := container.NewCluster(ctx, "primary", clusterArgs)
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program declaring a service account and an Autopilot GKE cluster.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // This service account is declared but not referenced by the cluster below.
        final var accountArgs = AccountArgs.builder()
            .accountId("service-account-id")
            .displayName("Service Account")
            .build();
        final var serviceAccount = new Account("default", accountArgs);

        // Autopilot cluster: no node pool or node configuration is declared here.
        final var clusterArgs = ClusterArgs.builder()
            .enableAutopilot(true)
            .location("us-central1-a")
            .build();
        final var autopilotCluster = new Cluster("primary", clusterArgs);

    }
}
import pulumi
import pulumi_gcp as gcp

# This service account is declared but not referenced by the cluster below.
service_account = gcp.service_account.Account(
    "default",
    account_id="service-account-id",
    display_name="Service Account",
)

# Autopilot cluster: no node pool or node configuration is declared here.
autopilot_cluster = gcp.container.Cluster(
    "primary",
    enable_autopilot=True,
    location="us-central1-a",
)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

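// This service account is declared but not referenced by the cluster below.
// The module is `serviceaccount` (lower case), as in the first example on this page.
const defaultAccount = new gcp.serviceaccount.Account("default", {
    accountId: "service-account-id",
    displayName: "Service Account",
});

// Autopilot cluster: no node pool or node configuration is declared here.
// Timeouts are passed as a resource option; the option key is `customTimeouts`.
const primary = new gcp.container.Cluster("primary", {
    enableAutopilot: true,
    location: "us-central1-a",
}, { customTimeouts: {
    create: "30m",
    update: "40m",
} });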
# Declares a service account and an Autopilot GKE cluster.
resources:
  # This service account is declared but not referenced by the cluster below.
  default:
    type: gcp:serviceAccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  # Autopilot cluster: no node pool or node configuration is declared here.
  primary:
    type: gcp:container:Cluster
    properties:
      enableAutopilot: true
      location: us-central1-a

Create a Cluster Resource

new Cluster(name: string, args?: ClusterArgs, opts?: CustomResourceOptions);
@overload
def Cluster(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            addons_config: Optional[ClusterAddonsConfigArgs] = None,
            authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
            binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
            cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
            cluster_ipv4_cidr: Optional[str] = None,
            cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
            confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
            cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
            database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
            datapath_provider: Optional[str] = None,
            default_max_pods_per_node: Optional[int] = None,
            default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
            description: Optional[str] = None,
            dns_config: Optional[ClusterDnsConfigArgs] = None,
            enable_autopilot: Optional[bool] = None,
            enable_binary_authorization: Optional[bool] = None,
            enable_intranode_visibility: Optional[bool] = None,
            enable_kubernetes_alpha: Optional[bool] = None,
            enable_l4_ilb_subsetting: Optional[bool] = None,
            enable_legacy_abac: Optional[bool] = None,
            enable_shielded_nodes: Optional[bool] = None,
            enable_tpu: Optional[bool] = None,
            identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
            initial_node_count: Optional[int] = None,
            ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
            location: Optional[str] = None,
            logging_config: Optional[ClusterLoggingConfigArgs] = None,
            logging_service: Optional[str] = None,
            maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
            master_auth: Optional[ClusterMasterAuthArgs] = None,
            master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
            mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
            min_master_version: Optional[str] = None,
            monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
            monitoring_service: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_policy: Optional[ClusterNetworkPolicyArgs] = None,
            networking_mode: Optional[str] = None,
            node_config: Optional[ClusterNodeConfigArgs] = None,
            node_locations: Optional[Sequence[str]] = None,
            node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
            node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
            node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
            node_version: Optional[str] = None,
            notification_config: Optional[ClusterNotificationConfigArgs] = None,
            pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
            private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
            private_ipv6_google_access: Optional[str] = None,
            project: Optional[str] = None,
            release_channel: Optional[ClusterReleaseChannelArgs] = None,
            remove_default_node_pool: Optional[bool] = None,
            resource_labels: Optional[Mapping[str, str]] = None,
            resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
            service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
            subnetwork: Optional[str] = None,
            tpu_config: Optional[ClusterTpuConfigArgs] = None,
            vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
            workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None)
@overload
def Cluster(resource_name: str,
            args: Optional[ClusterArgs] = None,
            opts: Optional[ResourceOptions] = None)
func NewCluster(ctx *Context, name string, args *ClusterArgs, opts ...ResourceOption) (*Cluster, error)
public Cluster(string name, ClusterArgs? args = null, CustomResourceOptions? opts = null)
public Cluster(String name, ClusterArgs args)
public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
type: gcp:container:Cluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Cluster Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Cluster resource accepts the following input properties:

AddonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

BinaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

ConfidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

CostManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

DatabaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

DatapathProvider string

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

DefaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.

Description string

Description of the cluster.

DnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

EnableAutopilot bool

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableL4IlbSubsetting bool

Whether L4ILB Subsetting is enabled for this cluster.

EnableLegacyAbac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

IdentityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

InitialNodeCount int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

IpAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

MeshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

NodeLocations List<string>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

NodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in Autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

NodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

NodePools List<ClusterNodePoolArgs>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

NotificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

PrivateIpv6GoogleAccess string

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels Dictionary<string, string>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

TpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

AddonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

BinaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

ConfidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

CostManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

DatabaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

DatapathProvider string

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

DefaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.

Description string

Description of the cluster.

DnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

EnableAutopilot bool

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableL4IlbSubsetting bool

Whether L4ILB Subsetting is enabled for this cluster.

EnableLegacyAbac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

IdentityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

InitialNodeCount int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

IpAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

MaintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

MeshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

NodeLocations []string

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

NodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

NodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

NodePools []ClusterNodePoolArgs

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

NotificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

PrivateIpv6GoogleAccess string

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels map[string]string

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

TpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

binaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

clusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr String

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

costManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

databaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

datapathProvider String

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

defaultMaxPodsPerNode Integer

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

defaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.

description String

Description of the cluster.

dnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableAutopilot Boolean

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enableBinaryAuthorization Boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enableIntranodeVisibility Boolean

Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.

enableKubernetesAlpha Boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableL4IlbSubsetting Boolean

Whether L4ILB Subsetting is enabled for this cluster.

enableLegacyAbac Boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.

enableShieldedNodes Boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enableTpu Boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

identityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

initialNodeCount Integer

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location String

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

loggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

loggingService String

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

maintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

meshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

minMasterVersion String

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

monitoringService String

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

name String

The name of the cluster, unique within the project and location.

network String

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode String

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

nodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

nodeLocations List<String>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

nodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

nodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

nodePools List<ClusterNodePoolArgs>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

nodeVersion String

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

podSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

privateIpv6GoogleAccess String

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool Boolean

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels Map<String,String>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

serviceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

subnetwork String

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

verticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

binaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

clusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

costManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

databaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

datapathProvider string

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

defaultMaxPodsPerNode number

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

defaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.

description string

Description of the cluster.

dnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableAutopilot boolean

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enableBinaryAuthorization boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enableIntranodeVisibility boolean

Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.

enableKubernetesAlpha boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableL4IlbSubsetting boolean

Whether L4ILB Subsetting is enabled for this cluster.

enableLegacyAbac boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.

enableShieldedNodes boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enableTpu boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

identityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

initialNodeCount number

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

loggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

loggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

maintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

meshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

minMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

monitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

name string

The name of the cluster, unique within the project and location.

network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

nodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

nodeLocations string[]

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

nodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

nodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

nodePools ClusterNodePoolArgs[]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

nodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

podSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters (clusters with private nodes). Structure is documented below.

privateIpv6GoogleAccess string

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool boolean

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels {[key: string]: string}

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

serviceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

verticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addons_config ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

authenticator_groups_config ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

binary_authorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

cluster_autoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

cluster_ipv4_cidr str

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

cluster_telemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidential_nodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

cost_management_config ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

database_encryption ClusterDatabaseEncryptionArgs

Structure is documented below.

datapath_provider str

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

default_max_pods_per_node int

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, that is, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

default_snat_status ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.

description str

Description of the cluster.

dns_config ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enable_autopilot bool

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enable_binary_authorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enable_intranode_visibility bool

Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

enable_kubernetes_alpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enable_l4_ilb_subsetting bool

Whether L4ILB Subsetting is enabled for this cluster.

enable_legacy_abac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Because these static grants are not governed by RBAC or IAM, keep this disabled unless a legacy workload requires it.

enable_shielded_nodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enable_tpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

identity_service_config ClusterIdentityServiceConfigArgs

Structure is documented below.

initial_node_count int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ip_allocation_policy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location str

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.

logging_config ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

logging_service str

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

maintenance_policy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

master_auth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

mesh_certificates ClusterMeshCertificatesArgs

Structure is documented below.

min_master_version str

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoring_config ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

monitoring_service str

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

name str

The name of the cluster, unique within the project and location.

network str

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

network_policy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

networking_mode str

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

node_config ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

node_locations Sequence[str]

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

node_pool_auto_config ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

node_pool_defaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

node_pools Sequence[ClusterNodePoolArgs]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

node_version str

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notification_config ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

pod_security_policy_config ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

private_cluster_config ClusterPrivateClusterConfigArgs

Configuration for private clusters (clusters with private nodes). Structure is documented below.

private_ipv6_google_access str

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

release_channel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

remove_default_node_pool bool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resource_labels Mapping[str, str]

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resource_usage_export_config ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

service_external_ips_config ClusterServiceExternalIpsConfigArgs

Structure is documented below.

subnetwork str

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpu_config ClusterTpuConfigArgs

TPU configuration for the cluster.

vertical_pod_autoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workload_identity_config ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig Property Map

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig Property Map

Configuration for the Google Groups for GKE feature. Structure is documented below.

binaryAuthorization Property Map

Configuration options for the Binary Authorization feature. Structure is documented below.

clusterAutoscaling Property Map

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr String

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry Property Map

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidentialNodes Property Map

Configuration for the Confidential Nodes feature. Structure is documented below.

costManagementConfig Property Map

Cost management configuration for the cluster.

databaseEncryption Property Map

Structure is documented below.

datapathProvider String

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

defaultMaxPodsPerNode Number

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, that is, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

defaultSnatStatus Property Map

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.

description String

Description of the cluster.

dnsConfig Property Map

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableAutopilot Boolean

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enableBinaryAuthorization Boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enableIntranodeVisibility Boolean

Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

enableKubernetesAlpha Boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableL4IlbSubsetting Boolean

Whether L4ILB Subsetting is enabled for this cluster.

enableLegacyAbac Boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Because these static grants are not governed by RBAC or IAM, keep this disabled unless a legacy workload requires it.

enableShieldedNodes Boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enableTpu Boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

identityServiceConfig Property Map

Structure is documented below.

initialNodeCount Number

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy Property Map

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

location String

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.

loggingConfig Property Map

Logging configuration for the cluster. Structure is documented below.

loggingService String

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

maintenancePolicy Property Map

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth Property Map

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig Property Map

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

meshCertificates Property Map

Structure is documented below.

minMasterVersion String

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringConfig Property Map

Monitoring configuration for the cluster. Structure is documented below.

monitoringService String

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

name String

The name of the cluster, unique within the project and location.

network String

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy Property Map

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode String

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

nodeConfig Property Map

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

nodeLocations List<String>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

nodePoolAutoConfig Property Map

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

nodePoolDefaults Property Map

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

nodePools List<Property Map>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

nodeVersion String

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notificationConfig Property Map

Configuration for the cluster upgrade notifications feature. Structure is documented below.

podSecurityPolicyConfig Property Map

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig Property Map

Configuration for private clusters (clusters with private nodes). Structure is documented below.

privateIpv6GoogleAccess String

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel Property Map

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool Boolean

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels Map<String>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig Property Map

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

serviceExternalIpsConfig Property Map

Structure is documented below.

subnetwork String

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpuConfig Property Map

TPU configuration for the cluster.

verticalPodAutoscaling Property Map

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig Property Map

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:

Endpoint string

The IP address of this cluster's Kubernetes master.

Id string

The provider-assigned unique ID for this managed resource.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

Operation string
SelfLink string

The server-defined URL for the resource.

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

Endpoint string

The IP address of this cluster's Kubernetes master.

Id string

The provider-assigned unique ID for this managed resource.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

Operation string
SelfLink string

The server-defined URL for the resource.

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

endpoint String

The IP address of this cluster's Kubernetes master.

id String

The provider-assigned unique ID for this managed resource.

labelFingerprint String

The fingerprint of the set of labels for this cluster.

masterVersion String

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

operation String
selfLink String

The server-defined URL for the resource.

servicesIpv4Cidr String

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

tpuIpv4CidrBlock String

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

endpoint string

The IP address of this cluster's Kubernetes master.

id string

The provider-assigned unique ID for this managed resource.

labelFingerprint string

The fingerprint of the set of labels for this cluster.

masterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

operation string
selfLink string

The server-defined URL for the resource.

servicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

tpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

endpoint str

The IP address of this cluster's Kubernetes master.

id str

The provider-assigned unique ID for this managed resource.

label_fingerprint str

The fingerprint of the set of labels for this cluster.

master_version str

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

operation str
self_link str

The server-defined URL for the resource.

services_ipv4_cidr str

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

tpu_ipv4_cidr_block str

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

endpoint String

The IP address of this cluster's Kubernetes master.

id String

The provider-assigned unique ID for this managed resource.

labelFingerprint String

The fingerprint of the set of labels for this cluster.

masterVersion String

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

operation String
selfLink String

The server-defined URL for the resource.

servicesIpv4Cidr String

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

tpuIpv4CidrBlock String

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

Look up an Existing Cluster Resource

Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        addons_config: Optional[ClusterAddonsConfigArgs] = None,
        authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
        binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
        cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
        cluster_ipv4_cidr: Optional[str] = None,
        cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
        confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
        cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
        database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
        datapath_provider: Optional[str] = None,
        default_max_pods_per_node: Optional[int] = None,
        default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
        description: Optional[str] = None,
        dns_config: Optional[ClusterDnsConfigArgs] = None,
        enable_autopilot: Optional[bool] = None,
        enable_binary_authorization: Optional[bool] = None,
        enable_intranode_visibility: Optional[bool] = None,
        enable_kubernetes_alpha: Optional[bool] = None,
        enable_l4_ilb_subsetting: Optional[bool] = None,
        enable_legacy_abac: Optional[bool] = None,
        enable_shielded_nodes: Optional[bool] = None,
        enable_tpu: Optional[bool] = None,
        endpoint: Optional[str] = None,
        identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
        initial_node_count: Optional[int] = None,
        ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
        label_fingerprint: Optional[str] = None,
        location: Optional[str] = None,
        logging_config: Optional[ClusterLoggingConfigArgs] = None,
        logging_service: Optional[str] = None,
        maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
        master_auth: Optional[ClusterMasterAuthArgs] = None,
        master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
        master_version: Optional[str] = None,
        mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
        min_master_version: Optional[str] = None,
        monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
        monitoring_service: Optional[str] = None,
        name: Optional[str] = None,
        network: Optional[str] = None,
        network_policy: Optional[ClusterNetworkPolicyArgs] = None,
        networking_mode: Optional[str] = None,
        node_config: Optional[ClusterNodeConfigArgs] = None,
        node_locations: Optional[Sequence[str]] = None,
        node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
        node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
        node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
        node_version: Optional[str] = None,
        notification_config: Optional[ClusterNotificationConfigArgs] = None,
        operation: Optional[str] = None,
        pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
        private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
        private_ipv6_google_access: Optional[str] = None,
        project: Optional[str] = None,
        release_channel: Optional[ClusterReleaseChannelArgs] = None,
        remove_default_node_pool: Optional[bool] = None,
        resource_labels: Optional[Mapping[str, str]] = None,
        resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
        self_link: Optional[str] = None,
        service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
        services_ipv4_cidr: Optional[str] = None,
        subnetwork: Optional[str] = None,
        tpu_config: Optional[ClusterTpuConfigArgs] = None,
        tpu_ipv4_cidr_block: Optional[str] = None,
        vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
        workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None) -> Cluster
func GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)
public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)
public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AddonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

BinaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

ConfidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

CostManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

DatabaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

DatapathProvider string

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

DefaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.

Description string

Description of the cluster.

DnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

EnableAutopilot bool

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableL4IlbSubsetting bool

Whether L4ILB Subsetting is enabled for this cluster.

EnableLegacyAbac bool

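Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Because those static grants sit outside RBAC and IAM, reviewing RBAC roles and IAM bindings alone will not show everything an identity can do while this is enabled.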

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

Endpoint string

The IP address of this cluster's Kubernetes master.

IdentityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

InitialNodeCount int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

IpAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuthArgs

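The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. These values are credentials and, like every argument and attribute of this resource, are stored in the raw state as plaintext, so access to the state should be restricted accordingly. Structure is documented below.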

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

MeshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

NodeLocations List<string>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

NodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

NodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

NodePools List<ClusterNodePoolArgs>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

NotificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

Operation string
PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

PrivateIpv6GoogleAccess string

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels Dictionary<string, string>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

SelfLink string

The server-defined URL for the resource.

ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

TpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

AddonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

BinaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

ClusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

ClusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

ClusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

ConfidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

CostManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

DatabaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

DatapathProvider string

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

DefaultMaxPodsPerNode int

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

DefaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.

Description string

Description of the cluster.

DnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

EnableAutopilot bool

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

EnableBinaryAuthorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

EnableIntranodeVisibility bool

Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

EnableKubernetesAlpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

EnableL4IlbSubsetting bool

Whether L4ILB Subsetting is enabled for this cluster.

EnableLegacyAbac bool

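Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Because those static grants sit outside RBAC and IAM, reviewing RBAC roles and IAM bindings alone will not show everything an identity can do while this is enabled.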

EnableShieldedNodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

EnableTpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

Endpoint string

The IP address of this cluster's Kubernetes master.

IdentityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

InitialNodeCount int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

IpAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

LabelFingerprint string

The fingerprint of the set of labels for this cluster.

Location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

LoggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

LoggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

MaintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

MasterAuth ClusterMasterAuthArgs

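The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. These values are credentials and, like every argument and attribute of this resource, are stored in the raw state as plaintext, so access to the state should be restricted accordingly. Structure is documented below.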

MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

MasterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

MeshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

MinMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

MonitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

MonitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

Name string

The name of the cluster, unique within the project and location.

Network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

NetworkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

NetworkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

NodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

NodeLocations []string

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

NodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

NodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

NodePools []ClusterNodePoolArgs

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

NodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

NotificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

Operation string
PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

PrivateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

PrivateIpv6GoogleAccess string

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ReleaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

RemoveDefaultNodePool bool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

ResourceLabels map[string]string

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

SelfLink string

The server-defined URL for the resource.

ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

ServicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

Subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

TpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

TpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

binaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

clusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr String

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

costManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

databaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

datapathProvider String

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

defaultMaxPodsPerNode Integer

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

defaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.

description String

Description of the cluster.

dnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableAutopilot Boolean

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enableBinaryAuthorization Boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enableIntranodeVisibility Boolean

Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

enableKubernetesAlpha Boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableL4IlbSubsetting Boolean

Whether L4ILB Subsetting is enabled for this cluster.

enableLegacyAbac Boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Keep this disabled unless a workload still depends on ABAC, so that access is governed only by RBAC and IAM.

enableShieldedNodes Boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enableTpu Boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

endpoint String

The IP address of this cluster's Kubernetes master.

identityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

initialNodeCount Integer

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

labelFingerprint String

The fingerprint of the set of labels for this cluster.

location String

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

loggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

loggingService String

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

maintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

masterVersion String

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

meshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

minMasterVersion String

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

monitoringService String

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

name String

The name of the cluster, unique within the project and location.

network String

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode String

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

nodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

nodeLocations List<String>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

nodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

nodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

nodePools List<ClusterNodePoolArgs>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

nodeVersion String

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

operation String
podSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

privateIpv6GoogleAccess String

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool Boolean

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels Map<String,String>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

selfLink String

The server-defined URL for the resource.

serviceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

servicesIpv4Cidr String

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

subnetwork String

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

tpuIpv4CidrBlock String

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

verticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

binaryAuthorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

clusterAutoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr string

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidentialNodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

costManagementConfig ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

databaseEncryption ClusterDatabaseEncryptionArgs

Structure is documented below.

datapathProvider string

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

defaultMaxPodsPerNode number

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

defaultSnatStatus ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.

description string

Description of the cluster.

dnsConfig ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableAutopilot boolean

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enableBinaryAuthorization boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enableIntranodeVisibility boolean

Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

enableKubernetesAlpha boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableL4IlbSubsetting boolean

Whether L4ILB Subsetting is enabled for this cluster.

enableLegacyAbac boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Keep this disabled unless a workload still depends on ABAC, so that access is governed only by RBAC and IAM.

enableShieldedNodes boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enableTpu boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

endpoint string

The IP address of this cluster's Kubernetes master.

identityServiceConfig ClusterIdentityServiceConfigArgs

Structure is documented below.

initialNodeCount number

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

labelFingerprint string

The fingerprint of the set of labels for this cluster.

location string

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

loggingConfig ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

loggingService string

The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes

maintenancePolicy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

masterVersion string

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

meshCertificates ClusterMeshCertificatesArgs

Structure is documented below.

minMasterVersion string

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringConfig ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

monitoringService string

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes

name string

The name of the cluster, unique within the project and location.

network string

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode string

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

nodeConfig ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

nodeLocations string[]

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

nodePoolAutoConfig ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

nodePoolDefaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

nodePools ClusterNodePoolArgs[]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

nodeVersion string

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notificationConfig ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

operation string
podSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig ClusterPrivateClusterConfigArgs

Configuration for private clusters, clusters with private nodes. Structure is documented below.

privateIpv6GoogleAccess string

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool boolean

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels {[key: string]: string}

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

selfLink string

The server-defined URL for the resource.

serviceExternalIpsConfig ClusterServiceExternalIpsConfigArgs

Structure is documented below.

servicesIpv4Cidr string

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

subnetwork string

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpuConfig ClusterTpuConfigArgs

TPU configuration for the cluster.

tpuIpv4CidrBlock string

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

verticalPodAutoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addons_config ClusterAddonsConfigArgs

The configuration for addons supported by GKE. Structure is documented below.

authenticator_groups_config ClusterAuthenticatorGroupsConfigArgs

Configuration for the Google Groups for GKE feature. Structure is documented below.

binary_authorization ClusterBinaryAuthorizationArgs

Configuration options for the Binary Authorization feature. Structure is documented below.

cluster_autoscaling ClusterClusterAutoscalingArgs

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

cluster_ipv4_cidr str

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

cluster_telemetry ClusterClusterTelemetryArgs

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidential_nodes ClusterConfidentialNodesArgs

Configuration for the Confidential Nodes feature. Structure is documented below.

cost_management_config ClusterCostManagementConfigArgs

Cost management configuration for the cluster.

database_encryption ClusterDatabaseEncryptionArgs

Structure is documented below.

datapath_provider str

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

default_max_pods_per_node int

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.

default_snat_status ClusterDefaultSnatStatusArgs

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.

description str

Description of the cluster.

dns_config ClusterDnsConfigArgs

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enable_autopilot bool

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enable_binary_authorization bool

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enable_intranode_visibility bool

Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

enable_kubernetes_alpha bool

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enable_l4_ilb_subsetting bool

Whether L4ILB Subsetting is enabled for this cluster.

enable_legacy_abac bool

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false. Keep this disabled unless a workload still depends on ABAC, so that access is governed only by RBAC and IAM.

enable_shielded_nodes bool

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enable_tpu bool

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

endpoint str

The IP address of this cluster's Kubernetes master.

identity_service_config ClusterIdentityServiceConfigArgs

Structure is documented below.

initial_node_count int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ip_allocation_policy ClusterIpAllocationPolicyArgs

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

label_fingerprint str

The fingerprint of the set of labels for this cluster.

location str

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well

logging_config ClusterLoggingConfigArgs

Logging configuration for the cluster. Structure is documented below.

logging_service str

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

maintenance_policy ClusterMaintenancePolicyArgs

The maintenance policy to use for the cluster. Structure is documented below.

master_auth ClusterMasterAuthArgs

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

master_version str

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

mesh_certificates ClusterMeshCertificatesArgs

Structure is documented below.

min_master_version str

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoring_config ClusterMonitoringConfigArgs

Monitoring configuration for the cluster. Structure is documented below.

monitoring_service str

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

name str

The name of the cluster, unique within the project and location.

network str

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

network_policy ClusterNetworkPolicyArgs

Configuration options for the NetworkPolicy feature. Structure is documented below.

networking_mode str

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

node_config ClusterNodeConfigArgs

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

node_locations Sequence[str]

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

node_pool_auto_config ClusterNodePoolAutoConfigArgs

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

node_pool_defaults ClusterNodePoolDefaultsArgs

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

node_pools Sequence[ClusterNodePoolArgs]

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

node_version str

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notification_config ClusterNotificationConfigArgs

Configuration for the cluster upgrade notifications feature. Structure is documented below.

operation str
pod_security_policy_config ClusterPodSecurityPolicyConfigArgs

Configuration for the PodSecurityPolicy feature. Structure is documented below.

private_cluster_config ClusterPrivateClusterConfigArgs

Configuration for private clusters (clusters with private nodes). Structure is documented below.

private_ipv6_google_access str

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

release_channel ClusterReleaseChannelArgs

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

remove_default_node_pool bool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resource_labels Mapping[str, str]

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resource_usage_export_config ClusterResourceUsageExportConfigArgs

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

self_link str

The server-defined URL for the resource.

service_external_ips_config ClusterServiceExternalIpsConfigArgs

Structure is documented below.

services_ipv4_cidr str

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

subnetwork str

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpu_config ClusterTpuConfigArgs

TPU configuration for the cluster.

tpu_ipv4_cidr_block str

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

vertical_pod_autoscaling ClusterVerticalPodAutoscalingArgs

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workload_identity_config ClusterWorkloadIdentityConfigArgs

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

addonsConfig Property Map

The configuration for addons supported by GKE. Structure is documented below.

authenticatorGroupsConfig Property Map

Configuration for the Google Groups for GKE feature. Structure is documented below.

binaryAuthorization Property Map

Configuration options for the Binary Authorization feature. Structure is documented below.

clusterAutoscaling Property Map

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

clusterIpv4Cidr String

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

clusterTelemetry Property Map

Configuration for the ClusterTelemetry feature. Structure is documented below.

confidentialNodes Property Map

Configuration for the Confidential Nodes feature. Structure is documented below.

costManagementConfig Property Map

Cost management configuration for the cluster.

databaseEncryption Property Map

Structure is documented below.

datapathProvider String

The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

defaultMaxPodsPerNode Number

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters (clusters that don't have IP Aliasing enabled). See the official documentation for more information.

defaultSnatStatus Property Map

GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster; see the API doc. Structure is documented below.

description String

Description of the cluster.

dnsConfig Property Map

Configuration for Using Cloud DNS for GKE. Structure is documented below.

enableAutopilot Boolean

Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.

enableBinaryAuthorization Boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.

Deprecated:

Deprecated in favor of binary_authorization.

enableIntranodeVisibility Boolean

Whether Intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.

enableKubernetesAlpha Boolean

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

enableL4IlbSubsetting Boolean

Whether L4ILB Subsetting is enabled for this cluster.

enableLegacyAbac Boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Because those permissions are granted outside RBAC and IAM, tightening RBAC or IAM policy does not remove them. Defaults to false.

enableShieldedNodes Boolean

Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.

enableTpu Boolean

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

endpoint String

The IP address of this cluster's Kubernetes master.

identityServiceConfig Property Map

Structure is documented below.

initialNodeCount Number

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

ipAllocationPolicy Property Map

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

labelFingerprint String

The fingerprint of the set of labels for this cluster.

location String

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.

loggingConfig Property Map

Logging configuration for the cluster. Structure is documented below.

loggingService String

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

maintenancePolicy Property Map

The maintenance policy to use for the cluster. Structure is documented below.

masterAuth Property Map

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

masterAuthorizedNetworksConfig Property Map

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.

masterVersion String

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

meshCertificates Property Map

Structure is documented below.

minMasterVersion String

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

monitoringConfig Property Map

Monitoring configuration for the cluster. Structure is documented below.

monitoringService String

The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

name String

The name of the cluster, unique within the project and location.

network String

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

networkPolicy Property Map

Configuration options for the NetworkPolicy feature. Structure is documented below.

networkingMode String

Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.

nodeConfig Property Map

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

nodeLocations List<String>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

nodePoolAutoConfig Property Map

Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.

nodePoolDefaults Property Map

Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.

nodePools List<Property Map>

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

nodeVersion String

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

notificationConfig Property Map

Configuration for the cluster upgrade notifications feature. Structure is documented below.

operation String
podSecurityPolicyConfig Property Map

Configuration for the PodSecurityPolicy feature. Structure is documented below.

privateClusterConfig Property Map

Configuration for private clusters (clusters with private nodes). Structure is documented below.

privateIpv6GoogleAccess String

The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

releaseChannel Property Map

Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

removeDefaultNodePool Boolean

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

resourceLabels Map<String>

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

resourceUsageExportConfig Property Map

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

selfLink String

The server-defined URL for the resource.

serviceExternalIpsConfig Property Map

Structure is documented below.

servicesIpv4Cidr String

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

subnetwork String

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

tpuConfig Property Map

TPU configuration for the cluster.

tpuIpv4CidrBlock String

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

verticalPodAutoscaling Property Map

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

workloadIdentityConfig Property Map

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

Supporting Types

ClusterAddonsConfig

CloudrunConfig ClusterAddonsConfigCloudrunConfig

Structure is documented below.

ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig

The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.

DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

GcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

GkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig

The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.

HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

IstioConfig ClusterAddonsConfigIstioConfig

Structure is documented below.

KalmConfig ClusterAddonsConfigKalmConfig

Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.

NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

CloudrunConfig ClusterAddonsConfigCloudrunConfig

Structure is documented below.

ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig

The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.

DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

GcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

GkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig

The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.

HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

IstioConfig ClusterAddonsConfigIstioConfig

Structure is documented below.

KalmConfig ClusterAddonsConfigKalmConfig

Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.

NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

cloudrunConfig ClusterAddonsConfigCloudrunConfig

Structure is documented below.

configConnectorConfig ClusterAddonsConfigConfigConnectorConfig

The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.

dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

gcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

gkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig

The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.

horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

istioConfig ClusterAddonsConfigIstioConfig

Structure is documented below.

kalmConfig ClusterAddonsConfigKalmConfig

Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.

networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

cloudrunConfig ClusterAddonsConfigCloudrunConfig

Structure is documented below.

configConnectorConfig ClusterAddonsConfigConfigConnectorConfig

The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.

dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

gcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

gkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig

The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.

horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

istioConfig ClusterAddonsConfigIstioConfig

Structure is documented below.

kalmConfig ClusterAddonsConfigKalmConfig

Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.

networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

cloudrun_config ClusterAddonsConfigCloudrunConfig

Structure is documented below.

config_connector_config ClusterAddonsConfigConfigConnectorConfig

The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.

dns_cache_config ClusterAddonsConfigDnsCacheConfig

The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

gce_persistent_disk_csi_driver_config ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

gcp_filestore_csi_driver_config ClusterAddonsConfigGcpFilestoreCsiDriverConfig

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

gke_backup_agent_config ClusterAddonsConfigGkeBackupAgentConfig

The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.

horizontal_pod_autoscaling ClusterAddonsConfigHorizontalPodAutoscaling

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

http_load_balancing ClusterAddonsConfigHttpLoadBalancing

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

istio_config ClusterAddonsConfigIstioConfig

Structure is documented below.

kalm_config ClusterAddonsConfigKalmConfig

Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.

network_policy_config ClusterAddonsConfigNetworkPolicyConfig

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

cloudrunConfig Property Map

Structure is documented below.

configConnectorConfig Property Map

The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.

dnsCacheConfig Property Map

The status of the NodeLocal DNSCache addon. It is disabled by default; set enabled = true to enable.

gcePersistentDiskCsiDriverConfig Property Map

Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.

gcpFilestoreCsiDriverConfig Property Map

The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.

gkeBackupAgentConfig Property Map

The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.

horizontalPodAutoscaling Property Map

The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.

httpLoadBalancing Property Map

The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.

istioConfig Property Map

Structure is documented below.

kalmConfig Property Map

Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set enabled = true to enable.

networkPolicyConfig Property Map

Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

ClusterAddonsConfigCloudrunConfig

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

LoadBalancerType string

The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

LoadBalancerType string

The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

loadBalancerType String

The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

loadBalancerType string

The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

load_balancer_type str

The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

loadBalancerType String

The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

ClusterAddonsConfigConfigConnectorConfig

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAddonsConfigDnsCacheConfig

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAddonsConfigGcpFilestoreCsiDriverConfig

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAddonsConfigGkeBackupAgentConfig

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAddonsConfigHorizontalPodAutoscaling

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

ClusterAddonsConfigHttpLoadBalancing

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

ClusterAddonsConfigIstioConfig

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Auth string

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

Disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

Auth string

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

auth String

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

disabled boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

auth string

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

disabled bool

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

auth str

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

disabled Boolean

The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.

auth String

The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

ClusterAddonsConfigKalmConfig

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAddonsConfigNetworkPolicyConfig

Disabled bool

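Whether the network policy addon for the master is disabled. The addon must be enabled in order to enable network policy for the nodes, and a network_policy block must also be defined, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.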

Disabled bool

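Whether the network policy addon for the master is disabled. The addon must be enabled in order to enable network policy for the nodes, and a network_policy block must also be defined, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.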

disabled Boolean

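Whether the network policy addon for the master is disabled. The addon must be enabled in order to enable network policy for the nodes, and a network_policy block must also be defined, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.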

disabled boolean

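Whether the network policy addon for the master is disabled. The addon must be enabled in order to enable network policy for the nodes, and a network_policy block must also be defined, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.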

disabled bool

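Whether the network policy addon for the master is disabled. The addon must be enabled in order to enable network policy for the nodes, and a network_policy block must also be defined, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.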

disabled Boolean

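Whether the network policy addon for the master is disabled. The addon must be enabled in order to enable network policy for the nodes, and a network_policy block must also be defined, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.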

ClusterAuthenticatorGroupsConfig

SecurityGroup string

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

SecurityGroup string

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

securityGroup String

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

securityGroup string

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

security_group str

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

securityGroup String

The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

ClusterBinaryAuthorization

Enabled bool

Enable Binary Authorization for this cluster.

Deprecated:

Deprecated in favor of evaluation_mode.

EvaluationMode string

Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.

Enabled bool

Enable Binary Authorization for this cluster.

Deprecated:

Deprecated in favor of evaluation_mode.

EvaluationMode string

Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.

enabled Boolean

Enable Binary Authorization for this cluster.

Deprecated:

Deprecated in favor of evaluation_mode.

evaluationMode String

Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.

enabled boolean

Enable Binary Authorization for this cluster.

Deprecated:

Deprecated in favor of evaluation_mode.

evaluationMode string

Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.

enabled bool

Enable Binary Authorization for this cluster.

Deprecated:

Deprecated in favor of evaluation_mode.

evaluation_mode str

Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.

enabled Boolean

Enable Binary Authorization for this cluster.

Deprecated:

Deprecated in favor of evaluation_mode.

evaluationMode String

Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.

ClusterClusterAutoscaling

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

AutoscalingProfile string

Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

ResourceLimits List<ClusterClusterAutoscalingResourceLimit>

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

Enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

AutoscalingProfile string

Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

ResourceLimits []ClusterClusterAutoscalingResourceLimit

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

autoscalingProfile String

Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

resourceLimits List<ClusterClusterAutoscalingResourceLimit>

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

enabled boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

autoscalingProfile string

Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

resourceLimits ClusterClusterAutoscalingResourceLimit[]

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

enabled bool

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

auto_provisioning_defaults ClusterClusterAutoscalingAutoProvisioningDefaults

Contains defaults for a node pool created by NAP. Structure is documented below.

autoscaling_profile str

Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

resource_limits Sequence[ClusterClusterAutoscalingResourceLimit]

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

enabled Boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

autoProvisioningDefaults Property Map

Contains defaults for a node pool created by NAP. Structure is documented below.

autoscalingProfile String

Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.

resourceLimits List<Property Map>

Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

ClusterClusterAutoscalingAutoProvisioningDefaults

BootDiskKmsKey string

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

ImageType string

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

MinCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

OauthScopes List<string>

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

ServiceAccount string

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

BootDiskKmsKey string

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

ImageType string

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

MinCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

OauthScopes []string

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

ServiceAccount string

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

bootDiskKmsKey String

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

imageType String

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

minCpuPlatform String

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

oauthScopes List<String>

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

serviceAccount String

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

bootDiskKmsKey string

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

imageType string

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

minCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

oauthScopes string[]

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

serviceAccount string

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

boot_disk_kms_key str

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

image_type str

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

min_cpu_platform str

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

oauth_scopes Sequence[str]

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

service_account str

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

bootDiskKmsKey String

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

imageType String

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

minCpuPlatform String

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

oauthScopes List<String>

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

serviceAccount String

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

ClusterClusterAutoscalingResourceLimit

ResourceType string

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

Maximum int

Maximum amount of the resource in the cluster.

Minimum int

Minimum amount of the resource in the cluster.

ResourceType string

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

Maximum int

Maximum amount of the resource in the cluster.

Minimum int

Minimum amount of the resource in the cluster.

resourceType String

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

maximum Integer

Maximum amount of the resource in the cluster.

minimum Integer

Minimum amount of the resource in the cluster.

resourceType string

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

maximum number

Maximum amount of the resource in the cluster.

minimum number

Minimum amount of the resource in the cluster.

resource_type str

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

maximum int

Maximum amount of the resource in the cluster.

minimum int

Minimum amount of the resource in the cluster.

resourceType String

The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.

maximum Number

Maximum amount of the resource in the cluster.

minimum Number

Minimum amount of the resource in the cluster.

ClusterClusterTelemetry

Type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

Type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

type String

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

type str

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

type String

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

ClusterConfidentialNodes

Enabled bool

Enable Confidential Nodes for this cluster.

Enabled bool

Enable Confidential Nodes for this cluster.

enabled Boolean

Enable Confidential Nodes for this cluster.

enabled boolean

Enable Confidential Nodes for this cluster.

enabled bool

Enable Confidential Nodes for this cluster.

enabled Boolean

Enable Confidential Nodes for this cluster.

ClusterCostManagementConfig

Enabled bool

Whether to enable the cost allocation feature.

Enabled bool

Whether to enable the cost allocation feature.

enabled Boolean

Whether to enable the cost allocation feature.

enabled boolean

Whether to enable the cost allocation feature.

enabled bool

Whether to enable the cost allocation feature.

enabled Boolean

Whether to enable the cost allocation feature.

ClusterDatabaseEncryption

State string

ENCRYPTED or DECRYPTED

KeyName string

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

State string

ENCRYPTED or DECRYPTED

KeyName string

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

state String

ENCRYPTED or DECRYPTED

keyName String

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

state string

ENCRYPTED or DECRYPTED

keyName string

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

state str

ENCRYPTED or DECRYPTED

key_name str

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

state String

ENCRYPTED or DECRYPTED

keyName String

the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

ClusterDefaultSnatStatus

Disabled bool

Whether the cluster disables default in-node sNAT rules. When disabled is set to false, default IP masquerade rules are applied to the nodes to prevent sNAT on cluster-internal traffic.

Disabled bool

Whether the cluster disables default in-node sNAT rules. When disabled is set to false, default IP masquerade rules are applied to the nodes to prevent sNAT on cluster-internal traffic.

disabled Boolean

Whether the cluster disables default in-node sNAT rules. When disabled is set to false, default IP masquerade rules are applied to the nodes to prevent sNAT on cluster-internal traffic.

disabled boolean

Whether the cluster disables default in-node sNAT rules. When disabled is set to false, default IP masquerade rules are applied to the nodes to prevent sNAT on cluster-internal traffic.

disabled bool

Whether the cluster disables default in-node sNAT rules. When disabled is set to false, default IP masquerade rules are applied to the nodes to prevent sNAT on cluster-internal traffic.

disabled Boolean

Whether the cluster disables default in-node sNAT rules. When disabled is set to false, default IP masquerade rules are applied to the nodes to prevent sNAT on cluster-internal traffic.

ClusterDnsConfig

ClusterDns string

Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.

ClusterDnsDomain string

The suffix used for all cluster service records.

ClusterDnsScope string

The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

ClusterDns string

Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.

ClusterDnsDomain string

The suffix used for all cluster service records.

ClusterDnsScope string

The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

clusterDns String

Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.

clusterDnsDomain String

The suffix used for all cluster service records.

clusterDnsScope String

The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

clusterDns string

Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.

clusterDnsDomain string

The suffix used for all cluster service records.

clusterDnsScope string

The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

cluster_dns str

Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.

cluster_dns_domain str

The suffix used for all cluster service records.

cluster_dns_scope str

The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

clusterDns String

Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.

clusterDnsDomain String

The suffix used for all cluster service records.

clusterDnsScope String

The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

ClusterIdentityServiceConfig

Enabled bool

Whether to enable the Identity Service component.

Enabled bool

Whether to enable the Identity Service component.

enabled Boolean

Whether to enable the Identity Service component.

enabled boolean

Whether to enable the Identity Service component.

enabled bool

Whether to enable the Identity Service component.

enabled Boolean

Whether to enable the Identity Service component.

ClusterIpAllocationPolicy

ClusterIpv4CidrBlock string

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ClusterSecondaryRangeName string

The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ServicesIpv4CidrBlock string

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ServicesSecondaryRangeName string

The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ClusterIpv4CidrBlock string

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ClusterSecondaryRangeName string

The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ServicesIpv4CidrBlock string

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

ServicesSecondaryRangeName string

The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

clusterIpv4CidrBlock String

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

clusterSecondaryRangeName String

The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

servicesIpv4CidrBlock String

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

servicesSecondaryRangeName String

The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

clusterIpv4CidrBlock string

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

clusterSecondaryRangeName string

The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

servicesIpv4CidrBlock string

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

servicesSecondaryRangeName string

The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

cluster_ipv4_cidr_block str

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

cluster_secondary_range_name str

The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

services_ipv4_cidr_block str

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

services_secondary_range_name str

The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

clusterIpv4CidrBlock String

The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

clusterSecondaryRangeName String

The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.

servicesIpv4CidrBlock String

The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

servicesSecondaryRangeName String

The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.

ClusterLoggingConfig

EnableComponents List<string>

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

EnableComponents []string

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

enableComponents List<String>

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

enableComponents string[]

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

enable_components Sequence[str]

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

enableComponents List<String>

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

ClusterMaintenancePolicy

DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:

MaintenanceExclusions List<ClusterMaintenancePolicyMaintenanceExclusion>

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to three maintenance exclusions at a time. See Maintenance Window and Exclusions.

RecurringWindow ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:

MaintenanceExclusions []ClusterMaintenancePolicyMaintenanceExclusion

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to three maintenance exclusions at a time. See Maintenance Window and Exclusions.

RecurringWindow ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:

maintenanceExclusions List<ClusterMaintenancePolicyMaintenanceExclusion>

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to three maintenance exclusions at a time. See Maintenance Window and Exclusions.

recurringWindow ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:

maintenanceExclusions ClusterMaintenancePolicyMaintenanceExclusion[]

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to three maintenance exclusions at a time. See Maintenance Window and Exclusions.

recurringWindow ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

daily_maintenance_window ClusterMaintenancePolicyDailyMaintenanceWindow

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:

maintenance_exclusions Sequence[ClusterMaintenancePolicyMaintenanceExclusion]

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to three maintenance exclusions at a time. See Maintenance Window and Exclusions.

recurring_window ClusterMaintenancePolicyRecurringWindow

Time window for recurring maintenance operations.

dailyMaintenanceWindow Property Map

Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:

maintenanceExclusions List<Property Map>

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to three maintenance exclusions at a time. See Maintenance Window and Exclusions.

recurringWindow Property Map

Time window for recurring maintenance operations.

ClusterMaintenancePolicyDailyMaintenanceWindow

StartTime string
Duration string
StartTime string
Duration string
startTime String
duration String
startTime string
duration string
startTime String
duration String

ClusterMaintenancePolicyMaintenanceExclusion

EndTime string
ExclusionName string
StartTime string
ExclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions

MaintenanceExclusionOptions provides maintenance exclusion related options.

EndTime string
ExclusionName string
StartTime string
ExclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions

MaintenanceExclusionOptions provides maintenance exclusion related options.

endTime String
exclusionName String
startTime String
exclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions

MaintenanceExclusionOptions provides maintenance exclusion related options.

endTime string
exclusionName string
startTime string
exclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions

MaintenanceExclusionOptions provides maintenance exclusion related options.

end_time str
exclusion_name str
start_time str
exclusion_options ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions

MaintenanceExclusionOptions provides maintenance exclusion related options.

endTime String
exclusionName String
startTime String
exclusionOptions Property Map

MaintenanceExclusionOptions provides maintenance exclusion related options.

ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions

Scope string

The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

Scope string

The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

scope String

The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

scope string

The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

scope str

The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

scope String

The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

ClusterMaintenancePolicyRecurringWindow

EndTime string
Recurrence string
StartTime string
EndTime string
Recurrence string
StartTime string
endTime String
recurrence String
startTime String
endTime string
recurrence string
startTime string
endTime String
recurrence String
startTime String

ClusterMasterAuth

ClientCertificateConfig ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

ClientCertificate string
ClientKey string
ClusterCaCertificate string
ClientCertificateConfig ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

ClientCertificate string
ClientKey string
ClusterCaCertificate string
clientCertificateConfig ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

clientCertificate String
clientKey String
clusterCaCertificate String
clientCertificateConfig ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

clientCertificate string
clientKey string
clusterCaCertificate string
client_certificate_config ClusterMasterAuthClientCertificateConfig

Whether client certificate authorization is enabled for this cluster. For example:

client_certificate str
client_key str
cluster_ca_certificate str
clientCertificateConfig Property Map

Whether client certificate authorization is enabled for this cluster. For example:

clientCertificate String
clientKey String
clusterCaCertificate String

ClusterMasterAuthClientCertificateConfig

ClusterMasterAuthorizedNetworksConfig

CidrBlocks List<ClusterMasterAuthorizedNetworksConfigCidrBlock>

External networks that can access the Kubernetes cluster master through HTTPS.

CidrBlocks []ClusterMasterAuthorizedNetworksConfigCidrBlock

External networks that can access the Kubernetes cluster master through HTTPS.

cidrBlocks List<ClusterMasterAuthorizedNetworksConfigCidrBlock>

External networks that can access the Kubernetes cluster master through HTTPS.

cidrBlocks ClusterMasterAuthorizedNetworksConfigCidrBlock[]

External networks that can access the Kubernetes cluster master through HTTPS.

cidr_blocks Sequence[ClusterMasterAuthorizedNetworksConfigCidrBlock]

External networks that can access the Kubernetes cluster master through HTTPS.

cidrBlocks List<Property Map>

External networks that can access the Kubernetes cluster master through HTTPS.

ClusterMasterAuthorizedNetworksConfigCidrBlock

CidrBlock string

External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.

DisplayName string

Field for users to identify CIDR blocks.

CidrBlock string

External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.

DisplayName string

Field for users to identify CIDR blocks.

cidrBlock String

External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.

displayName String

Field for users to identify CIDR blocks.

cidrBlock string

External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.

displayName string

Field for users to identify CIDR blocks.

cidr_block str

External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.

display_name str

Field for users to identify CIDR blocks.

cidrBlock String

External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.

displayName String

Field for users to identify CIDR blocks.

ClusterMeshCertificates

EnableCertificates bool

Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

EnableCertificates bool

Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

enableCertificates Boolean

Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

enableCertificates boolean

Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

enable_certificates bool

Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

enableCertificates Boolean

Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.

ClusterMonitoringConfig

EnableComponents List<string>

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

ManagedPrometheus ClusterMonitoringConfigManagedPrometheus

Configuration for Managed Service for Prometheus. Structure is documented below.

EnableComponents []string

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

ManagedPrometheus ClusterMonitoringConfigManagedPrometheus

Configuration for Managed Service for Prometheus. Structure is documented below.

enableComponents List<String>

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

managedPrometheus ClusterMonitoringConfigManagedPrometheus

Configuration for Managed Service for Prometheus. Structure is documented below.

enableComponents string[]

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

managedPrometheus ClusterMonitoringConfigManagedPrometheus

Configuration for Managed Service for Prometheus. Structure is documented below.

enable_components Sequence[str]

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

managed_prometheus ClusterMonitoringConfigManagedPrometheus

Configuration for Managed Service for Prometheus. Structure is documented below.

enableComponents List<String>

The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)

managedPrometheus Property Map

Configuration for Managed Service for Prometheus. Structure is documented below.

ClusterMonitoringConfigManagedPrometheus

Enabled bool

Whether or not the managed collection is enabled.

Enabled bool

Whether or not the managed collection is enabled.

enabled Boolean

Whether or not the managed collection is enabled.

enabled boolean

Whether or not the managed collection is enabled.

enabled bool

Whether or not the managed collection is enabled.

enabled Boolean

Whether or not the managed collection is enabled.

ClusterNetworkPolicy

Enabled bool

Whether network policy is enabled on the cluster.

Provider string

The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

Enabled bool

Whether network policy is enabled on the cluster.

Provider string

The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

enabled Boolean

Whether network policy is enabled on the cluster.

provider String

The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

enabled boolean

Whether network policy is enabled on the cluster.

provider string

The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

enabled bool

Whether network policy is enabled on the cluster.

provider str

The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

enabled Boolean

Whether network policy is enabled on the cluster.

provider String

The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.

ClusterNodeConfig

BootDiskKmsKey string

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

DiskSizeGb int

Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

DiskType string

Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'

EphemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig

Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.

GcfsConfig ClusterNodeConfigGcfsConfig

The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.

GuestAccelerators List<ClusterNodeConfigGuestAccelerator>

List of the type and count of accelerator cards attached to the instance. Structure documented below.

Gvnic ClusterNodeConfigGvnic

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

ImageType string

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

KubeletConfig ClusterNodeConfigKubeletConfig

Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

Labels Dictionary<string, string>

The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.

LinuxNodeConfig ClusterNodeConfigLinuxNodeConfig

Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.

LocalSsdCount int

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

MachineType string

The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.

Metadata Dictionary<string, string>

The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.

MinCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

NodeGroup string

Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.

OauthScopes List<string>

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs; with that scope, what the nodes can actually reach is limited only by the IAM roles of the node service account. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

Preemptible bool

A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.

ReservationAffinity ClusterNodeConfigReservationAffinity

The configuration of the desired reservation which instances could take capacity from. Structure is documented below.

SandboxConfig ClusterNodeConfigSandboxConfig
ServiceAccount string

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

ShieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig

Shielded Instance options. Structure is documented below.

Spot bool

A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.

Tags List<string>

List of network tags applied to auto-provisioned node pools.

Taints List<ClusterNodeConfigTaint>

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

WorkloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

BootDiskKmsKey string

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

DiskSizeGb int

Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

DiskType string

Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'

EphemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig

Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.

GcfsConfig ClusterNodeConfigGcfsConfig

The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.

GuestAccelerators []ClusterNodeConfigGuestAccelerator

List of the type and count of accelerator cards attached to the instance. Structure documented below.

Gvnic ClusterNodeConfigGvnic

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

ImageType string

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

KubeletConfig ClusterNodeConfigKubeletConfig

Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

Labels map[string]string

The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.

LinuxNodeConfig ClusterNodeConfigLinuxNodeConfig

Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.

LocalSsdCount int

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

MachineType string

The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.

Metadata map[string]string

The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.

MinCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

NodeGroup string

Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.

OauthScopes []string

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs; with that scope, what the nodes can actually reach is limited only by the IAM roles of the node service account. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

Preemptible bool

A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.

ReservationAffinity ClusterNodeConfigReservationAffinity

The configuration of the desired reservation which instances could take capacity from. Structure is documented below.

SandboxConfig ClusterNodeConfigSandboxConfig
ServiceAccount string

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

ShieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig

Shielded Instance options. Structure is documented below.

Spot bool

A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.

Tags []string

List of network tags applied to auto-provisioned node pools.

Taints []ClusterNodeConfigTaint

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

WorkloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

bootDiskKmsKey String

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

diskSizeGb Integer

Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

diskType String

Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'

ephemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig

Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.

gcfsConfig ClusterNodeConfigGcfsConfig

The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.

guestAccelerators List<ClusterNodeConfigGuestAccelerator>

List of the type and count of accelerator cards attached to the instance. Structure documented below.

gvnic ClusterNodeConfigGvnic

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

imageType String

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

kubeletConfig ClusterNodeConfigKubeletConfig

Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

labels Map<String,String>

The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.

linuxNodeConfig ClusterNodeConfigLinuxNodeConfig

Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.

localSsdCount Integer

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

machineType String

The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.

metadata Map<String,String>

The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.

minCpuPlatform String

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

nodeGroup String

Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.

oauthScopes List<String>

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs; with that scope, what the nodes can actually reach is limited only by the IAM roles of the node service account. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

preemptible Boolean

A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.

reservationAffinity ClusterNodeConfigReservationAffinity

The configuration of the desired reservation which instances could take capacity from. Structure is documented below.

sandboxConfig ClusterNodeConfigSandboxConfig
serviceAccount String

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

shieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig

Shielded Instance options. Structure is documented below.

spot Boolean

A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.

tags List<String>

List of network tags applied to auto-provisioned node pools.

taints List<ClusterNodeConfigTaint>

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

workloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

bootDiskKmsKey string

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

diskSizeGb number

Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

diskType string

Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'

ephemeralStorageConfig ClusterNodeConfigEphemeralStorageConfig

Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.

gcfsConfig ClusterNodeConfigGcfsConfig

The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.

guestAccelerators ClusterNodeConfigGuestAccelerator[]

List of the type and count of accelerator cards attached to the instance. Structure documented below.

gvnic ClusterNodeConfigGvnic

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

imageType string

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

kubeletConfig ClusterNodeConfigKubeletConfig

Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

labels {[key: string]: string}

The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.

linuxNodeConfig ClusterNodeConfigLinuxNodeConfig

Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.

localSsdCount number

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

machineType string

The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.

metadata {[key: string]: string}

The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.

minCpuPlatform string

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

nodeGroup string

Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.

oauthScopes string[]

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs; with that scope, what the nodes can actually reach is limited only by the IAM roles of the node service account. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

preemptible boolean

A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.

reservationAffinity ClusterNodeConfigReservationAffinity

The configuration of the desired reservation which instances could take capacity from. Structure is documented below.

sandboxConfig ClusterNodeConfigSandboxConfig
serviceAccount string

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

shieldedInstanceConfig ClusterNodeConfigShieldedInstanceConfig

Shielded Instance options. Structure is documented below.

spot boolean

A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.

tags string[]

List of network tags applied to auto-provisioned node pools.

taints ClusterNodeConfigTaint[]

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

workloadMetadataConfig ClusterNodeConfigWorkloadMetadataConfig

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

boot_disk_kms_key str

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

disk_size_gb int

Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

disk_type str

Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'

ephemeral_storage_config ClusterNodeConfigEphemeralStorageConfig

Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.

gcfs_config ClusterNodeConfigGcfsConfig

The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.

guest_accelerators Sequence[ClusterNodeConfigGuestAccelerator]

List of the type and count of accelerator cards attached to the instance. Structure documented below.

gvnic ClusterNodeConfigGvnic

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

image_type str

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

kubelet_config ClusterNodeConfigKubeletConfig

Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

labels Mapping[str, str]

The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.

linux_node_config ClusterNodeConfigLinuxNodeConfig

Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.

local_ssd_count int

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

machine_type str

The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.

metadata Mapping[str, str]

The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.

min_cpu_platform str

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

node_group str

Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.

oauth_scopes Sequence[str]

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs; with that scope, what the nodes can actually reach is limited only by the IAM roles of the node service account. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

preemptible bool

A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.

reservation_affinity ClusterNodeConfigReservationAffinity

The configuration of the desired reservation which instances could take capacity from. Structure is documented below.

sandbox_config ClusterNodeConfigSandboxConfig
service_account str

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

shielded_instance_config ClusterNodeConfigShieldedInstanceConfig

Shielded Instance options. Structure is documented below.

spot bool

A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.

tags Sequence[str]

List of network tags applied to auto-provisioned node pools.

taints Sequence[ClusterNodeConfigTaint]

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

workload_metadata_config ClusterNodeConfigWorkloadMetadataConfig

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

bootDiskKmsKey String

The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption

diskSizeGb Number

Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.

diskType String

Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'

ephemeralStorageConfig Property Map

Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk. Structure is documented below.

gcfsConfig Property Map

The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.

guestAccelerators List<Property Map>

List of the type and count of accelerator cards attached to the instance. Structure documented below.

gvnic Property Map

Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.

imageType String

The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.

kubeletConfig Property Map

Kubelet configuration, currently supported attributes can be found here. Structure is documented below.

labels Map<String>

The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.

linuxNodeConfig Property Map

Linux node configuration, currently supported attributes can be found here. Note that validations happen all server side. All attributes are optional. Structure is documented below.

localSsdCount Number

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

machineType String

The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.

metadata Map<String>

The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, the provider will attempt to unset the value. To avoid this, set the value in your config.

minCpuPlatform String

Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.

nodeGroup String

Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.

oauthScopes List<String>

The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs; with that scope, what the nodes can actually reach is limited only by the IAM roles of the node service account. It is therefore recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

preemptible Boolean

A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.

reservationAffinity Property Map

The configuration of the desired reservation which instances could take capacity from. Structure is documented below.

sandboxConfig Property Map
serviceAccount String

The service account to be used by the Node VMs. If not specified, the "default" service account is used.

shieldedInstanceConfig Property Map

Shielded Instance options. Structure is documented below.

spot Boolean

A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.

tags List<String>

List of network tags applied to auto-provisioned node pools.

taints List<Property Map>

A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. If this field is set, any diffs on this field will cause the provider to recreate the underlying resource. Taint values can be updated safely in Kubernetes (eg. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.

workloadMetadataConfig Property Map

Metadata configuration to expose to workloads on the node pool. Structure is documented below.

ClusterNodeConfigEphemeralStorageConfig

LocalSsdCount int

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

LocalSsdCount int

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

localSsdCount Integer

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

localSsdCount number

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

local_ssd_count int

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

localSsdCount Number

Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.

ClusterNodeConfigGcfsConfig

Enabled bool

Whether or not the Google Container Filesystem (GCFS) is enabled. This field does not control the PodSecurityPolicy controller.

Enabled bool

Whether or not the Google Container Filesystem (GCFS) is enabled. This field does not control the PodSecurityPolicy controller.

enabled Boolean

Whether or not the Google Container Filesystem (GCFS) is enabled. This field does not control the PodSecurityPolicy controller.

enabled boolean

Whether or not the Google Container Filesystem (GCFS) is enabled. This field does not control the PodSecurityPolicy controller.

enabled bool

Whether or not the Google Container Filesystem (GCFS) is enabled. This field does not control the PodSecurityPolicy controller.

enabled Boolean

Whether or not the Google Container Filesystem (GCFS) is enabled. This field does not control the PodSecurityPolicy controller.

ClusterNodeConfigGuestAccelerator

Count int

The number of the guest accelerator cards exposed to this instance.

Type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

GpuPartitionSize string

Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.

Count int

The number of the guest accelerator cards exposed to this instance.

Type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

GpuPartitionSize string

Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.

count Integer

The number of the guest accelerator cards exposed to this instance.

type String

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

gpuPartitionSize String

Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.

count number

The number of the guest accelerator cards exposed to this instance.

type string

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

gpuPartitionSize string

Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.

count int

The number of the guest accelerator cards exposed to this instance.

type str

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

gpu_partition_size str

Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.

count Number

The number of the guest accelerator cards exposed to this instance.

type String

The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.

gpuPartitionSize String

Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.

ClusterNodeConfigGvnic

Enabled bool

Whether or not the Google Virtual NIC (gVNIC) is enabled.

Enabled bool

Whether or not the Google Virtual NIC (gVNIC) is enabled.

enabled Boolean

Whether or not the Google Virtual NIC (gVNIC) is enabled.

enabled boolean

Whether or not the Google Virtual NIC (gVNIC) is enabled.

enabled bool

Whether or not the Google Virtual NIC (gVNIC) is enabled.

enabled Boolean

Whether or not the Google Virtual NIC (gVNIC) is enabled.

ClusterNodeConfigKubeletConfig

CpuManagerPolicy string

The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.

CpuCfsQuota bool

If true, enables CPU CFS quota enforcement for containers that specify CPU limits.

CpuCfsQuotaPeriod string

The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.

CpuManagerPolicy string

The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.

CpuCfsQuota bool

If true, enables CPU CFS quota enforcement for containers that specify CPU limits.

CpuCfsQuotaPeriod string

The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.

cpuManagerPolicy String

The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.

cpuCfsQuota Boolean

If true, enables CPU CFS quota enforcement for containers that specify CPU limits.

cpuCfsQuotaPeriod String

The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.

cpuManagerPolicy string

The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.

cpuCfsQuota boolean

If true, enables CPU CFS quota enforcement for containers that specify CPU limits.

cpuCfsQuotaPeriod string

The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.

cpu_manager_policy str

The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.

cpu_cfs_quota bool

If true, enables CPU CFS quota enforcement for containers that specify CPU limits.

cpu_cfs_quota_period str

The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.

cpuManagerPolicy String

The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.

cpuCfsQuota Boolean

If true, enables CPU CFS quota enforcement for containers that specify CPU limits.

cpuCfsQuotaPeriod String

The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.

ClusterNodeConfigLinuxNodeConfig

Sysctls Dictionary<string, string>

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.

Sysctls map[string]string

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.

sysctls Map<String,String>

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.

sysctls {[key: string]: string}

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.

sysctls Mapping[str, str]

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.

sysctls Map<String>

The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.

ClusterNodeConfigReservationAffinity

ConsumeReservationType string

The type of reservation consumption. Accepted values are:

Key string

The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.

Values List<string>

The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

ConsumeReservationType string

The type of reservation consumption. Accepted values are:

Key string

The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.

Values []string

The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

consumeReservationType String

The type of reservation consumption. Accepted values are:

key String

The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.

values List<String>

The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

consumeReservationType string

The type of reservation consumption. Accepted values are:

key string

The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.

values string[]

The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

consume_reservation_type str

The type of reservation consumption. Accepted values are:

key str

The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.

values Sequence[str]

The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

consumeReservationType String

The type of reservation consumption. Accepted values are:

key String

The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.

values List<String>

The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"

ClusterNodeConfigSandboxConfig

SandboxType string

Which sandbox to use for pods in the node pool. Accepted values are:

SandboxType string

Which sandbox to use for pods in the node pool. Accepted values are:

sandboxType String

Which sandbox to use for pods in the node pool. Accepted values are:

sandboxType string

Which sandbox to use for pods in the node pool. Accepted values are:

sandbox_type str

Which sandbox to use for pods in the node pool. Accepted values are:

sandboxType String

Which sandbox to use for pods in the node pool. Accepted values are:

ClusterNodeConfigShieldedInstanceConfig

EnableIntegrityMonitoring bool

Defines if the instance has integrity monitoring enabled.

EnableSecureBoot bool

Defines if the instance has Secure Boot enabled.

EnableIntegrityMonitoring bool

Defines if the instance has integrity monitoring enabled.

EnableSecureBoot bool

Defines if the instance has Secure Boot enabled.

enableIntegrityMonitoring Boolean

Defines if the instance has integrity monitoring enabled.

enableSecureBoot Boolean

Defines if the instance has Secure Boot enabled.

enableIntegrityMonitoring boolean

Defines if the instance has integrity monitoring enabled.

enableSecureBoot boolean

Defines if the instance has Secure Boot enabled.

enable_integrity_monitoring bool

Defines if the instance has integrity monitoring enabled.

enable_secure_boot bool

Defines if the instance has Secure Boot enabled.

enableIntegrityMonitoring Boolean

Defines if the instance has integrity monitoring enabled.

enableSecureBoot Boolean

Defines if the instance has Secure Boot enabled.

ClusterNodeConfigTaint

Effect string

Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.

Key string

Key for taint.

Value string

Value for taint.

Effect string

Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.

Key string

Key for taint.

Value string

Value for taint.

effect String

Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.

key String

Key for taint.

value String

Value for taint.

effect string

Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.

key string

Key for taint.

value string

Value for taint.

effect str

Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.

key str

Key for taint.

value str

Value for taint.

effect String

Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.

key String

Key for taint.

value String

Value for taint.

ClusterNodeConfigWorkloadMetadataConfig

Mode string

How to expose the node metadata to the workload running on the node. Accepted values are:

  • UNSPECIFIED: Not Set
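  • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any pod on the node can act with that account's permissions.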
  • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
Mode string

How to expose the node metadata to the workload running on the node. Accepted values are:

  • UNSPECIFIED: Not Set
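  • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any pod on the node can act with that account's permissions.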
  • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
mode String

How to expose the node metadata to the workload running on the node. Accepted values are:

  • UNSPECIFIED: Not Set
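  • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any pod on the node can act with that account's permissions.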
  • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
mode string

How to expose the node metadata to the workload running on the node. Accepted values are:

  • UNSPECIFIED: Not Set
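  • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any pod on the node can act with that account's permissions.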
  • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
mode str

How to expose the node metadata to the workload running on the node. Accepted values are:

  • UNSPECIFIED: Not Set
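  • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any pod on the node can act with that account's permissions.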
  • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
mode String

How to expose the node metadata to the workload running on the node. Accepted values are:

  • UNSPECIFIED: Not Set
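  • GCE_METADATA: Expose all Compute Engine metadata to pods. This includes the node's service account credentials, so any pod on the node can act with that account's permissions.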
  • GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.

ClusterNodePool

Autoscaling ClusterNodePoolAutoscaling
InitialNodeCount int

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

InstanceGroupUrls List<string>
ManagedInstanceGroupUrls List<string>
Management ClusterNodePoolManagement
MaxPodsPerNode int
Name string

The name of the cluster, unique within the project and location.

NamePrefix string
NetworkConfig ClusterNodePoolNetworkConfig

Configuration for adding Pod IP address ranges to the node pool. Structure is documented below.

NodeConfig ClusterNodePoolNodeConfig

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.

NodeCount int
NodeLocations List<string>

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

PlacementPolicy ClusterNodePoolPlacementPolicy
UpgradeSettings ClusterNodePoolUpgradeSettings
Version string
Autoscaling ClusterNodePoolAutoscaling
InitialNodeCount int

The number of nodes to create in this cluster's default node pool. In regional