1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. container
  5. Cluster
Google Cloud Classic v7.9.0 published on Wednesday, Feb 14, 2024 by Pulumi

gcp.container.Cluster

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.9.0 published on Wednesday, Feb 14, 2024 by Pulumi

    Manages a Google Kubernetes Engine (GKE) cluster. For more information see the official documentation and the API reference.

    Note: On version 5.0.0+ of the provider, you must explicitly set deletion_protection=false (and run pulumi up to write the field to state) in order to destroy a cluster. It is recommended to not set this field (or set it to true) until you’re ready to destroy.

    Warning: All arguments and attributes, including basic auth username and passwords as well as certificate outputs will be stored in the raw state as plaintext. Read more about secrets in state.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.ServiceAccount.Account("default", new()
        {
            AccountId = "service-account-id",
            DisplayName = "Service Account",
        });
    
        var primary = new Gcp.Container.Cluster("primary", new()
        {
            Location = "us-central1",
            RemoveDefaultNodePool = true,
            InitialNodeCount = 1,
        });
    
        var primaryPreemptibleNodes = new Gcp.Container.NodePool("primaryPreemptibleNodes", new()
        {
            Location = "us-central1",
            Cluster = primary.Name,
            NodeCount = 1,
            NodeConfig = new Gcp.Container.Inputs.NodePoolNodeConfigArgs
            {
                Preemptible = true,
                MachineType = "e2-medium",
                ServiceAccount = @default.Email,
                OauthScopes = new[]
                {
                    "https://www.googleapis.com/auth/cloud-platform",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
    			AccountId:   pulumi.String("service-account-id"),
    			DisplayName: pulumi.String("Service Account"),
    		})
    		if err != nil {
    			return err
    		}
    		primary, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
    			Location:              pulumi.String("us-central1"),
    			RemoveDefaultNodePool: pulumi.Bool(true),
    			InitialNodeCount:      pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = container.NewNodePool(ctx, "primaryPreemptibleNodes", &container.NodePoolArgs{
    			Location:  pulumi.String("us-central1"),
    			Cluster:   primary.Name,
    			NodeCount: pulumi.Int(1),
    			NodeConfig: &container.NodePoolNodeConfigArgs{
    				Preemptible:    pulumi.Bool(true),
    				MachineType:    pulumi.String("e2-medium"),
    				ServiceAccount: _default.Email,
    				OauthScopes: pulumi.StringArray{
    					pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.Account;
    import com.pulumi.gcp.serviceaccount.AccountArgs;
    import com.pulumi.gcp.container.Cluster;
    import com.pulumi.gcp.container.ClusterArgs;
    import com.pulumi.gcp.container.NodePool;
    import com.pulumi.gcp.container.NodePoolArgs;
    import com.pulumi.gcp.container.inputs.NodePoolNodeConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new Account("default", AccountArgs.builder()        
                .accountId("service-account-id")
                .displayName("Service Account")
                .build());
    
            var primary = new Cluster("primary", ClusterArgs.builder()        
                .location("us-central1")
                .removeDefaultNodePool(true)
                .initialNodeCount(1)
                .build());
    
            var primaryPreemptibleNodes = new NodePool("primaryPreemptibleNodes", NodePoolArgs.builder()        
                .location("us-central1")
                .cluster(primary.name())
                .nodeCount(1)
                .nodeConfig(NodePoolNodeConfigArgs.builder()
                    .preemptible(true)
                    .machineType("e2-medium")
                    .serviceAccount(default_.email())
                    .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.serviceaccount.Account("default",
        account_id="service-account-id",
        display_name="Service Account")
    primary = gcp.container.Cluster("primary",
        location="us-central1",
        remove_default_node_pool=True,
        initial_node_count=1)
    primary_preemptible_nodes = gcp.container.NodePool("primaryPreemptibleNodes",
        location="us-central1",
        cluster=primary.name,
        node_count=1,
        node_config=gcp.container.NodePoolNodeConfigArgs(
            preemptible=True,
            machine_type="e2-medium",
            service_account=default.email,
            oauth_scopes=["https://www.googleapis.com/auth/cloud-platform"],
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.serviceaccount.Account("default", {
        accountId: "service-account-id",
        displayName: "Service Account",
    });
    const primary = new gcp.container.Cluster("primary", {
        location: "us-central1",
        removeDefaultNodePool: true,
        initialNodeCount: 1,
    });
    const primaryPreemptibleNodes = new gcp.container.NodePool("primaryPreemptibleNodes", {
        location: "us-central1",
        cluster: primary.name,
        nodeCount: 1,
        nodeConfig: {
            preemptible: true,
            machineType: "e2-medium",
            serviceAccount: _default.email,
            oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
        },
    });
    
    resources:
      default:
        type: gcp:serviceaccount:Account
        properties:
          accountId: service-account-id
          displayName: Service Account
      primary:
        type: gcp:container:Cluster
        properties:
          location: us-central1
          # We can't create a cluster with no node pool defined, but we want to only use
          #   # separately managed node pools. So we create the smallest possible default
          #   # node pool and immediately delete it.
          removeDefaultNodePool: true
          initialNodeCount: 1
      primaryPreemptibleNodes:
        type: gcp:container:NodePool
        properties:
          location: us-central1
          cluster: ${primary.name}
          nodeCount: 1
          nodeConfig:
            preemptible: true
            machineType: e2-medium
            serviceAccount: ${default.email}
            oauthScopes:
              - https://www.googleapis.com/auth/cloud-platform
    

    With The Default Node Pool

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Gcp.ServiceAccount.Account("default", new()
        {
            AccountId = "service-account-id",
            DisplayName = "Service Account",
        });
    
        var primary = new Gcp.Container.Cluster("primary", new()
        {
            EnableAutopilot = true,
            Location = "us-central1-a",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/container"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := serviceaccount.NewAccount(ctx, "default", &serviceaccount.AccountArgs{
    			AccountId:   pulumi.String("service-account-id"),
    			DisplayName: pulumi.String("Service Account"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = container.NewCluster(ctx, "primary", &container.ClusterArgs{
    			EnableAutopilot: pulumi.Bool(true),
    			Location:        pulumi.String("us-central1-a"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.Account;
    import com.pulumi.gcp.serviceaccount.AccountArgs;
    import com.pulumi.gcp.container.Cluster;
    import com.pulumi.gcp.container.ClusterArgs;
    import com.pulumi.gcp.container.inputs.ClusterNodeConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new Account("default", AccountArgs.builder()        
                .accountId("service-account-id")
                .displayName("Service Account")
                .build());
    
            var primary = new Cluster("primary", ClusterArgs.builder()        
                .location("us-central1-a")
                .initialNodeCount(3)
                .nodeConfig(ClusterNodeConfigArgs.builder()
                    .serviceAccount(default_.email())
                    .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
                    .labels(Map.of("foo", "bar"))
                    .tags(                
                        "foo",
                        "bar")
                    .build())
                .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    default = gcp.serviceaccount.Account("default",
        account_id="service-account-id",
        display_name="Service Account")
    primary = gcp.container.Cluster("primary",
        enable_autopilot=True,
        location="us-central1-a")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const _default = new gcp.serviceaccount.Account("default", {
        accountId: "service-account-id",
        displayName: "Service Account",
    });
    const primary = new gcp.container.Cluster("primary", {
        enableAutopilot: true,
        location: "us-central1-a",
    });
    
    resources:
      default:
        type: gcp:serviceaccount:Account
        properties:
          accountId: service-account-id
          displayName: Service Account
      primary:
        type: gcp:container:Cluster
        properties:
          location: us-central1-a
          initialNodeCount: 3
          nodeConfig:
            serviceAccount: ${default.email}
            oauthScopes:
              - https://www.googleapis.com/auth/cloud-platform
            labels:
              foo: bar
            tags:
              - foo
              - bar
          timeouts:
            - create: 30m
              update: 40m
    

    Autopilot

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.Account;
    import com.pulumi.gcp.serviceaccount.AccountArgs;
    import com.pulumi.gcp.container.Cluster;
    import com.pulumi.gcp.container.ClusterArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new Account("default", AccountArgs.builder()        
                .accountId("service-account-id")
                .displayName("Service Account")
                .build());
    
            var primary = new Cluster("primary", ClusterArgs.builder()        
                .enableAutopilot(true)
                .location("us-central1-a")
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      default:
        type: gcp:serviceaccount:Account
        properties:
          accountId: service-account-id
          displayName: Service Account
      primary:
        type: gcp:container:Cluster
        properties:
          enableAutopilot: true
          location: us-central1-a
    

    Create Cluster Resource

    new Cluster(name: string, args?: ClusterArgs, opts?: CustomResourceOptions);
    @overload
    def Cluster(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                addons_config: Optional[ClusterAddonsConfigArgs] = None,
                allow_net_admin: Optional[bool] = None,
                authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
                binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
                cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
                cluster_ipv4_cidr: Optional[str] = None,
                cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
                confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
                cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
                database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
                datapath_provider: Optional[str] = None,
                default_max_pods_per_node: Optional[int] = None,
                default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
                deletion_protection: Optional[bool] = None,
                description: Optional[str] = None,
                dns_config: Optional[ClusterDnsConfigArgs] = None,
                enable_autopilot: Optional[bool] = None,
                enable_fqdn_network_policy: Optional[bool] = None,
                enable_intranode_visibility: Optional[bool] = None,
                enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
                enable_kubernetes_alpha: Optional[bool] = None,
                enable_l4_ilb_subsetting: Optional[bool] = None,
                enable_legacy_abac: Optional[bool] = None,
                enable_multi_networking: Optional[bool] = None,
                enable_shielded_nodes: Optional[bool] = None,
                enable_tpu: Optional[bool] = None,
                fleet: Optional[ClusterFleetArgs] = None,
                gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
                identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
                initial_node_count: Optional[int] = None,
                ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
                location: Optional[str] = None,
                logging_config: Optional[ClusterLoggingConfigArgs] = None,
                logging_service: Optional[str] = None,
                maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
                master_auth: Optional[ClusterMasterAuthArgs] = None,
                master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
                mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
                min_master_version: Optional[str] = None,
                monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
                monitoring_service: Optional[str] = None,
                name: Optional[str] = None,
                network: Optional[str] = None,
                network_policy: Optional[ClusterNetworkPolicyArgs] = None,
                networking_mode: Optional[str] = None,
                node_config: Optional[ClusterNodeConfigArgs] = None,
                node_locations: Optional[Sequence[str]] = None,
                node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
                node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
                node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
                node_version: Optional[str] = None,
                notification_config: Optional[ClusterNotificationConfigArgs] = None,
                pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
                private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
                private_ipv6_google_access: Optional[str] = None,
                project: Optional[str] = None,
                protect_config: Optional[ClusterProtectConfigArgs] = None,
                release_channel: Optional[ClusterReleaseChannelArgs] = None,
                remove_default_node_pool: Optional[bool] = None,
                resource_labels: Optional[Mapping[str, str]] = None,
                resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
                security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
                service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
                subnetwork: Optional[str] = None,
                tpu_config: Optional[ClusterTpuConfigArgs] = None,
                vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
                workload_alts_config: Optional[ClusterWorkloadAltsConfigArgs] = None,
                workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None)
    @overload
    def Cluster(resource_name: str,
                args: Optional[ClusterArgs] = None,
                opts: Optional[ResourceOptions] = None)
    func NewCluster(ctx *Context, name string, args *ClusterArgs, opts ...ResourceOption) (*Cluster, error)
    public Cluster(string name, ClusterArgs? args = null, CustomResourceOptions? opts = null)
    public Cluster(String name, ClusterArgs args)
    public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
    
    type: gcp:container:Cluster
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ClusterArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Cluster Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Cluster resource accepts the following input properties:

    AddonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature, Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    CostManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    DeletionProtection bool
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfig
    . Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    MaintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MeshCertificates ClusterMeshCertificates
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations List<string>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    ReleaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels Dictionary<string, string>
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    ResourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    VerticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    AddonsConfig ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetryArgs
    Configuration for ClusterTelemetry feature, Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodesArgs
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    CostManagementConfig ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    DeletionProtection bool
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfigArgs
    . Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    MaintenancePolicy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MeshCertificates ClusterMeshCertificatesArgs
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations []string

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools []ClusterNodePoolArgs
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    ReleaseChannel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels map[string]string
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfigArgs
    TPU configuration for the cluster.
    VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Integer
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection Boolean
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description String
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    . Structure is documented below.
    initialNodeCount Integer
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String,String>
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection boolean
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description string
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableFqdnNetworkPolicy boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    . Structure is documented below.
    initialNodeCount number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name string
    The name of the cluster, unique within the project and location.


    network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations string[]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools ClusterNodePool[]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels {[key: string]: string}
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addons_config ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    allow_net_admin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticator_groups_config ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binary_authorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    cluster_autoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    cluster_ipv4_cidr str
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    cluster_telemetry ClusterClusterTelemetryArgs
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidential_nodes ClusterConfidentialNodesArgs
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    cost_management_config ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    database_encryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    datapath_provider str
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    default_max_pods_per_node int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    default_snat_status ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletion_protection bool
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description str
    Description of the cluster.
    dns_config ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enable_autopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enable_fqdn_network_policy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enable_intranode_visibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enable_k8s_beta_apis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enable_kubernetes_alpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enable_l4_ilb_subsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    enable_legacy_abac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enable_multi_networking bool
    Whether multi-networking is enabled for this cluster.
    enable_shielded_nodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enable_tpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    gateway_api_config ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    identity_service_config ClusterIdentityServiceConfigArgs
    . Structure is documented below.
    initial_node_count int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ip_allocation_policy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location str
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    logging_config ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    logging_service str
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenance_policy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    master_auth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    mesh_certificates ClusterMeshCertificatesArgs
    Structure is documented below.
    min_master_version str

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoring_config ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    monitoring_service str
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name str
    The name of the cluster, unique within the project and location.


    network str
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    network_policy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networking_mode str
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    node_config ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    node_locations Sequence[str]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    node_pool_auto_config ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    node_pool_defaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    node_pools Sequence[ClusterNodePoolArgs]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    node_version str
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notification_config ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    pod_security_policy_config ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    private_cluster_config ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    private_ipv6_google_access str
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protect_config ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    release_channel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    remove_default_node_pool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resource_labels Mapping[str, str]
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resource_usage_export_config ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    security_posture_config ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    service_external_ips_config ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    subnetwork str
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpu_config ClusterTpuConfigArgs
    TPU configuration for the cluster.
    vertical_pod_autoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workload_alts_config ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workload_identity_config ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig Property Map
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig Property Map
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization Property Map
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling Property Map
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry Property Map
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidentialNodes Property Map
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    costManagementConfig Property Map
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption Property Map
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus Property Map
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection Boolean
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description String
    Description of the cluster.
    dnsConfig Property Map
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enableK8sBetaApis Property Map
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    fleet Property Map
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig Property Map
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig Property Map
    . Structure is documented below.
    initialNodeCount Number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy Property Map
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig Property Map
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy Property Map
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth Property Map
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig Property Map
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    meshCertificates Property Map
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig Property Map
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy Property Map
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig Property Map
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig Property Map
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults Property Map
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<Property Map>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig Property Map
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    podSecurityPolicyConfig Property Map
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig Property Map
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig Property Map
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel Property Map
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String>
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resourceUsageExportConfig Property Map
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    securityPostureConfig Property Map
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    serviceExternalIpsConfig Property Map
    Structure is documented below.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig Property Map
    TPU configuration for the cluster.
    verticalPodAutoscaling Property Map
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig Property Map

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig Property Map
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:

    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    Operation string
    SelfLink string
    The server-defined URL for the resource.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    Operation string
    SelfLink string
    The server-defined URL for the resource.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    endpoint String
    The IP address of this cluster's Kubernetes master.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation String
    selfLink String
    The server-defined URL for the resource.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    endpoint string
    The IP address of this cluster's Kubernetes master.
    id string
    The provider-assigned unique ID for this managed resource.
    labelFingerprint string
    The fingerprint of the set of labels for this cluster.
    masterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation string
    selfLink string
    The server-defined URL for the resource.
    servicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    endpoint str
    The IP address of this cluster's Kubernetes master.
    id str
    The provider-assigned unique ID for this managed resource.
    label_fingerprint str
    The fingerprint of the set of labels for this cluster.
    master_version str
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation str
    self_link str
    The server-defined URL for the resource.
    services_ipv4_cidr str
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpu_ipv4_cidr_block str
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    endpoint String
    The IP address of this cluster's Kubernetes master.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    operation String
    selfLink String
    The server-defined URL for the resource.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

    Look up Existing Cluster Resource

    Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            addons_config: Optional[ClusterAddonsConfigArgs] = None,
            allow_net_admin: Optional[bool] = None,
            authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
            binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
            cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
            cluster_ipv4_cidr: Optional[str] = None,
            cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
            confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
            cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
            database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
            datapath_provider: Optional[str] = None,
            default_max_pods_per_node: Optional[int] = None,
            default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
            deletion_protection: Optional[bool] = None,
            description: Optional[str] = None,
            dns_config: Optional[ClusterDnsConfigArgs] = None,
            enable_autopilot: Optional[bool] = None,
            enable_fqdn_network_policy: Optional[bool] = None,
            enable_intranode_visibility: Optional[bool] = None,
            enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
            enable_kubernetes_alpha: Optional[bool] = None,
            enable_l4_ilb_subsetting: Optional[bool] = None,
            enable_legacy_abac: Optional[bool] = None,
            enable_multi_networking: Optional[bool] = None,
            enable_shielded_nodes: Optional[bool] = None,
            enable_tpu: Optional[bool] = None,
            endpoint: Optional[str] = None,
            fleet: Optional[ClusterFleetArgs] = None,
            gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
            identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
            initial_node_count: Optional[int] = None,
            ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
            label_fingerprint: Optional[str] = None,
            location: Optional[str] = None,
            logging_config: Optional[ClusterLoggingConfigArgs] = None,
            logging_service: Optional[str] = None,
            maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
            master_auth: Optional[ClusterMasterAuthArgs] = None,
            master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
            master_version: Optional[str] = None,
            mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
            min_master_version: Optional[str] = None,
            monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
            monitoring_service: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_policy: Optional[ClusterNetworkPolicyArgs] = None,
            networking_mode: Optional[str] = None,
            node_config: Optional[ClusterNodeConfigArgs] = None,
            node_locations: Optional[Sequence[str]] = None,
            node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
            node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
            node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
            node_version: Optional[str] = None,
            notification_config: Optional[ClusterNotificationConfigArgs] = None,
            operation: Optional[str] = None,
            pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
            private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
            private_ipv6_google_access: Optional[str] = None,
            project: Optional[str] = None,
            protect_config: Optional[ClusterProtectConfigArgs] = None,
            release_channel: Optional[ClusterReleaseChannelArgs] = None,
            remove_default_node_pool: Optional[bool] = None,
            resource_labels: Optional[Mapping[str, str]] = None,
            resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
            security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
            self_link: Optional[str] = None,
            service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
            services_ipv4_cidr: Optional[str] = None,
            subnetwork: Optional[str] = None,
            tpu_config: Optional[ClusterTpuConfigArgs] = None,
            tpu_ipv4_cidr_block: Optional[str] = None,
            vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
            workload_alts_config: Optional[ClusterWorkloadAltsConfigArgs] = None,
            workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None) -> Cluster
    func GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)
    public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)
    public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AddonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature, Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    CostManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    DeletionProtection bool
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfig
    . Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    MaintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    MeshCertificates ClusterMeshCertificates
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations List<string>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    Operation string
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    ReleaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels Dictionary<string, string>
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    ResourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    SelfLink string
    The server-defined URL for the resource.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    VerticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    AddonsConfig ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    AllowNetAdmin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    BinaryAuthorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    ClusterAutoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    ClusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    ClusterTelemetry ClusterClusterTelemetryArgs
    Configuration for ClusterTelemetry feature, Structure is documented below.
    ConfidentialNodes ClusterConfidentialNodesArgs
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    CostManagementConfig ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    DatabaseEncryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    DatapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    DefaultMaxPodsPerNode int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    DefaultSnatStatus ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    DeletionProtection bool
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    Description string
    Description of the cluster.
    DnsConfig ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    EnableAutopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    EnableFqdnNetworkPolicy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    EnableIntranodeVisibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    EnableK8sBetaApis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    EnableKubernetesAlpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    EnableL4IlbSubsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    EnableLegacyAbac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    EnableMultiNetworking bool
    Whether multi-networking is enabled for this cluster.
    EnableShieldedNodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    EnableTpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    Endpoint string
    The IP address of this cluster's Kubernetes master.
    Fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    GatewayApiConfig ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    IdentityServiceConfig ClusterIdentityServiceConfigArgs
    . Structure is documented below.
    InitialNodeCount int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    IpAllocationPolicy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    LabelFingerprint string
    The fingerprint of the set of labels for this cluster.
    Location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    LoggingConfig ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    LoggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    MaintenancePolicy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    MasterAuth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    MasterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    MeshCertificates ClusterMeshCertificatesArgs
    Structure is documented below.
    MinMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    MonitoringConfig ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    MonitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    Name string
    The name of the cluster, unique within the project and location.


    Network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    NetworkPolicy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    NetworkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    NodeConfig ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    NodeLocations []string

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    NodePoolAutoConfig ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    NodePoolDefaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    NodePools []ClusterNodePoolArgs
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    NodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    NotificationConfig ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    Operation string
    PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    PrivateClusterConfig ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    PrivateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    ProtectConfig ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    ReleaseChannel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    RemoveDefaultNodePool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    ResourceLabels map[string]string
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    ResourceUsageExportConfig ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    SecurityPostureConfig ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    SelfLink string
    The server-defined URL for the resource.
    ServiceExternalIpsConfig ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    ServicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    Subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    TpuConfig ClusterTpuConfigArgs
    TPU configuration for the cluster.
    TpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    VerticalPodAutoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    WorkloadAltsConfig ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Integer
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection Boolean
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description String
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint String
    The IP address of this cluster's Kubernetes master.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    . Structure is documented below.
    initialNodeCount Integer
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<ClusterNodePool>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation String
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String,String>
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    selfLink String
    The server-defined URL for the resource.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig ClusterAddonsConfig
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization ClusterBinaryAuthorization
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling ClusterClusterAutoscaling
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr string
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry ClusterClusterTelemetry
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidentialNodes ClusterConfidentialNodes
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    costManagementConfig ClusterCostManagementConfig
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption ClusterDatabaseEncryption
    Structure is documented below.
    datapathProvider string
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus ClusterDefaultSnatStatus
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection boolean
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description string
    Description of the cluster.
    dnsConfig ClusterDnsConfig
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableFqdnNetworkPolicy boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enableK8sBetaApis ClusterEnableK8sBetaApis
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint string
    The IP address of this cluster's Kubernetes master.
    fleet ClusterFleet
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig ClusterGatewayApiConfig
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig ClusterIdentityServiceConfig
    . Structure is documented below.
    initialNodeCount number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy ClusterIpAllocationPolicy
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    labelFingerprint string
    The fingerprint of the set of labels for this cluster.
    location string
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig ClusterLoggingConfig
    Logging configuration for the cluster. Structure is documented below.
    loggingService string
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy ClusterMaintenancePolicy
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth ClusterMasterAuth
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    masterVersion string
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    meshCertificates ClusterMeshCertificates
    Structure is documented below.
    minMasterVersion string

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig ClusterMonitoringConfig
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService string
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name string
    The name of the cluster, unique within the project and location.


    network string
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy ClusterNetworkPolicy
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode string
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig ClusterNodeConfig
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations string[]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig ClusterNodePoolAutoConfig
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults ClusterNodePoolDefaults
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools ClusterNodePool[]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion string
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig ClusterNotificationConfig
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation string
    podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig ClusterPrivateClusterConfig
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess string
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig ClusterProtectConfig
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel ClusterReleaseChannel
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels {[key: string]: string}
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resourceUsageExportConfig ClusterResourceUsageExportConfig
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    securityPostureConfig ClusterSecurityPostureConfig
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    selfLink string
    The server-defined URL for the resource.
    serviceExternalIpsConfig ClusterServiceExternalIpsConfig
    Structure is documented below.
    servicesIpv4Cidr string
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork string
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig ClusterTpuConfig
    TPU configuration for the cluster.
    tpuIpv4CidrBlock string
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    verticalPodAutoscaling ClusterVerticalPodAutoscaling
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig ClusterWorkloadAltsConfig

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig ClusterWorkloadIdentityConfig
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addons_config ClusterAddonsConfigArgs
    The configuration for addons supported by GKE. Structure is documented below.
    allow_net_admin bool
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticator_groups_config ClusterAuthenticatorGroupsConfigArgs
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binary_authorization ClusterBinaryAuthorizationArgs
    Configuration options for the Binary Authorization feature. Structure is documented below.
    cluster_autoscaling ClusterClusterAutoscalingArgs
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    cluster_ipv4_cidr str
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    cluster_telemetry ClusterClusterTelemetryArgs
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidential_nodes ClusterConfidentialNodesArgs
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    cost_management_config ClusterCostManagementConfigArgs
    Configuration for the Cost Allocation feature. Structure is documented below.
    database_encryption ClusterDatabaseEncryptionArgs
    Structure is documented below.
    datapath_provider str
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    default_max_pods_per_node int
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    default_snat_status ClusterDefaultSnatStatusArgs
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletion_protection bool
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description str
    Description of the cluster.
    dns_config ClusterDnsConfigArgs
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enable_autopilot bool
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enable_fqdn_network_policy bool
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enable_intranode_visibility bool
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enable_k8s_beta_apis ClusterEnableK8sBetaApisArgs
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enable_kubernetes_alpha bool
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enable_l4_ilb_subsetting bool
    Whether L4ILB Subsetting is enabled for this cluster.
    enable_legacy_abac bool
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enable_multi_networking bool
    Whether multi-networking is enabled for this cluster.
    enable_shielded_nodes bool
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enable_tpu bool
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint str
    The IP address of this cluster's Kubernetes master.
    fleet ClusterFleetArgs
    Fleet configuration for the cluster. Structure is documented below.
    gateway_api_config ClusterGatewayApiConfigArgs
    Configuration for GKE Gateway API controller. Structure is documented below.
    identity_service_config ClusterIdentityServiceConfigArgs
    . Structure is documented below.
    initial_node_count int
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ip_allocation_policy ClusterIpAllocationPolicyArgs
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    label_fingerprint str
    The fingerprint of the set of labels for this cluster.
    location str
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    logging_config ClusterLoggingConfigArgs
    Logging configuration for the cluster. Structure is documented below.
    logging_service str
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenance_policy ClusterMaintenancePolicyArgs
    The maintenance policy to use for the cluster. Structure is documented below.
    master_auth ClusterMasterAuthArgs
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    master_version str
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    mesh_certificates ClusterMeshCertificatesArgs
    Structure is documented below.
    min_master_version str

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoring_config ClusterMonitoringConfigArgs
    Monitoring configuration for the cluster. Structure is documented below.
    monitoring_service str
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name str
    The name of the cluster, unique within the project and location.


    network str
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    network_policy ClusterNetworkPolicyArgs
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networking_mode str
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    node_config ClusterNodeConfigArgs
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    node_locations Sequence[str]

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    node_pool_auto_config ClusterNodePoolAutoConfigArgs
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    node_pool_defaults ClusterNodePoolDefaultsArgs
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    node_pools Sequence[ClusterNodePoolArgs]
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    node_version str
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notification_config ClusterNotificationConfigArgs
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation str
    pod_security_policy_config ClusterPodSecurityPolicyConfigArgs
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    private_cluster_config ClusterPrivateClusterConfigArgs
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    private_ipv6_google_access str
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protect_config ClusterProtectConfigArgs
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    release_channel ClusterReleaseChannelArgs
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    remove_default_node_pool bool
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resource_labels Mapping[str, str]
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resource_usage_export_config ClusterResourceUsageExportConfigArgs
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    security_posture_config ClusterSecurityPostureConfigArgs
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    self_link str
    The server-defined URL for the resource.
    service_external_ips_config ClusterServiceExternalIpsConfigArgs
    Structure is documented below.
    services_ipv4_cidr str
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork str
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpu_config ClusterTpuConfigArgs
    TPU configuration for the cluster.
    tpu_ipv4_cidr_block str
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    vertical_pod_autoscaling ClusterVerticalPodAutoscalingArgs
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workload_alts_config ClusterWorkloadAltsConfigArgs

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workload_identity_config ClusterWorkloadIdentityConfigArgs
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
    addonsConfig Property Map
    The configuration for addons supported by GKE. Structure is documented below.
    allowNetAdmin Boolean
    Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
    authenticatorGroupsConfig Property Map
    Configuration for the Google Groups for GKE feature. Structure is documented below.
    binaryAuthorization Property Map
    Configuration options for the Binary Authorization feature. Structure is documented below.
    clusterAutoscaling Property Map
    Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
    clusterIpv4Cidr String
    The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will default a new cluster to routes-based, where ip_allocation_policy is not defined.
    clusterTelemetry Property Map
    Configuration for ClusterTelemetry feature, Structure is documented below.
    confidentialNodes Property Map
    Configuration for Confidential Nodes feature. Structure is documented below documented below.
    costManagementConfig Property Map
    Configuration for the Cost Allocation feature. Structure is documented below.
    databaseEncryption Property Map
    Structure is documented below.
    datapathProvider String
    The desired datapath provider for this cluster. This is set to LEGACY_DATAPATH by default, which uses the IPTables-based kube-proxy implementation. Set to ADVANCED_DATAPATH to enable Dataplane v2.
    defaultMaxPodsPerNode Number
    The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
    defaultSnatStatus Property Map
    GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
    deletionProtection Boolean
    Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.
    description String
    Description of the cluster.
    dnsConfig Property Map
    Configuration for Using Cloud DNS for GKE. Structure is documented below.
    enableAutopilot Boolean
    Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
    enableFqdnNetworkPolicy Boolean
    Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
    enableIntranodeVisibility Boolean
    Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
    enableK8sBetaApis Property Map
    Configuration for Kubernetes Beta APIs. Structure is documented below.
    enableKubernetesAlpha Boolean
    Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
    enableL4IlbSubsetting Boolean
    Whether L4ILB Subsetting is enabled for this cluster.
    enableLegacyAbac Boolean
    Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false
    enableMultiNetworking Boolean
    Whether multi-networking is enabled for this cluster.
    enableShieldedNodes Boolean
    Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
    enableTpu Boolean
    Whether to enable Cloud TPU resources in this cluster. See the official documentation.
    endpoint String
    The IP address of this cluster's Kubernetes master.
    fleet Property Map
    Fleet configuration for the cluster. Structure is documented below.
    gatewayApiConfig Property Map
    Configuration for GKE Gateway API controller. Structure is documented below.
    identityServiceConfig Property Map
    . Structure is documented below.
    initialNodeCount Number
    The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
    ipAllocationPolicy Property Map
    Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. Structure is documented below.
    labelFingerprint String
    The fingerprint of the set of labels for this cluster.
    location String
    The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well
    loggingConfig Property Map
    Logging configuration for the cluster. Structure is documented below.
    loggingService String
    The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes
    maintenancePolicy Property Map
    The maintenance policy to use for the cluster. Structure is documented below.
    masterAuth Property Map
    The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
    masterAuthorizedNetworksConfig Property Map
    The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
    masterVersion String
    The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
    meshCertificates Property Map
    Structure is documented below.
    minMasterVersion String

    The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

    If you are using the gcp.container.getEngineVersions datasource with a regional cluster, ensure that you have provided a location to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.

    monitoringConfig Property Map
    Monitoring configuration for the cluster. Structure is documented below.
    monitoringService String
    The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes
    name String
    The name of the cluster, unique within the project and location.


    network String
    The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
    networkPolicy Property Map
    Configuration options for the NetworkPolicy feature. Structure is documented below.
    networkingMode String
    Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE.
    nodeConfig Property Map
    Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.
    nodeLocations List<String>

    The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

    A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.

    nodePoolAutoConfig Property Map
    Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
    nodePoolDefaults Property Map
    Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
    nodePools List<Property Map>
    List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
    nodeVersion String
    The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.
    notificationConfig Property Map
    Configuration for the cluster upgrade notifications feature. Structure is documented below.
    operation String
    podSecurityPolicyConfig Property Map
    Configuration for the PodSecurityPolicy feature. Structure is documented below.
    privateClusterConfig Property Map
    Configuration for private clusters, clusters with private nodes. Structure is documented below.
    privateIpv6GoogleAccess String
    The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    protectConfig Property Map
    Enable/Disable Protect API features for the cluster. Structure is documented below.
    releaseChannel Property Map
    Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the gcp.container.getEngineVersions datasource can provide the default version for a channel. Note that removing the release_channel field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
    removeDefaultNodePool Boolean
    If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
    resourceLabels Map<String>
    The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
    resourceUsageExportConfig Property Map
    Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
    securityPostureConfig Property Map
    Enable/Disable Security Posture API features for the cluster. Structure is documented below.
    selfLink String
    The server-defined URL for the resource.
    serviceExternalIpsConfig Property Map
    Structure is documented below.
    servicesIpv4Cidr String
    The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
    subnetwork String
    The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
    tpuConfig Property Map
    TPU configuration for the cluster.
    tpuIpv4CidrBlock String
    The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
    verticalPodAutoscaling Property Map
    Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
    workloadAltsConfig Property Map

    Configuration for direct-path (via ALTS) with workload identity.. Structure is documented below.

    The default_snat_status block supports

    workloadIdentityConfig Property Map
    Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

    Supporting Types

    ClusterAddonsConfig, ClusterAddonsConfigArgs

    CloudrunConfig ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig

    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

    This example addons_config disables two addons:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The binary_authorization block supports:

    DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    GcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    GcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    GkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    IstioConfig ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    KalmConfig ClusterAddonsConfigKalmConfig
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    CloudrunConfig ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig

    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

    This example addons_config disables two addons:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The binary_authorization block supports:

    DnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    GcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    GcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    GcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    GkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    HorizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    HttpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    IstioConfig ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    KalmConfig ClusterAddonsConfigKalmConfig
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    cloudrunConfig ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    configConnectorConfig ClusterAddonsConfigConfigConnectorConfig

    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

    This example addons_config disables two addons:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The binary_authorization block supports:

    dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    gcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istioConfig ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    kalmConfig ClusterAddonsConfigKalmConfig
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    cloudrunConfig ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    configConnectorConfig ClusterAddonsConfigConfigConnectorConfig

    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

    This example addons_config disables two addons:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The binary_authorization block supports:

    dnsCacheConfig ClusterAddonsConfigDnsCacheConfig

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gcePersistentDiskCsiDriverConfig ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcpFilestoreCsiDriverConfig ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    gcsFuseCsiDriverConfig ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gkeBackupAgentConfig ClusterAddonsConfigGkeBackupAgentConfig
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    horizontalPodAutoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    httpLoadBalancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istioConfig ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    kalmConfig ClusterAddonsConfigKalmConfig
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    cloudrun_config ClusterAddonsConfigCloudrunConfig
    . Structure is documented below.
    config_connector_config ClusterAddonsConfigConfigConnectorConfig

    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

    This example addons_config disables two addons:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The binary_authorization block supports:

    dns_cache_config ClusterAddonsConfigDnsCacheConfig

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gce_persistent_disk_csi_driver_config ClusterAddonsConfigGcePersistentDiskCsiDriverConfig

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcp_filestore_csi_driver_config ClusterAddonsConfigGcpFilestoreCsiDriverConfig
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    gcs_fuse_csi_driver_config ClusterAddonsConfigGcsFuseCsiDriverConfig
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gke_backup_agent_config ClusterAddonsConfigGkeBackupAgentConfig
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    horizontal_pod_autoscaling ClusterAddonsConfigHorizontalPodAutoscaling
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    http_load_balancing ClusterAddonsConfigHttpLoadBalancing
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istio_config ClusterAddonsConfigIstioConfig
    . Structure is documented below.
    kalm_config ClusterAddonsConfigKalmConfig
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    network_policy_config ClusterAddonsConfigNetworkPolicyConfig
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
    cloudrunConfig Property Map
    . Structure is documented below.
    configConnectorConfig Property Map

    . The status of the ConfigConnector addon. It is disabled by default; Set enabled = true to enable.

    This example addons_config disables two addons:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The binary_authorization block supports:

    dnsCacheConfig Property Map

    . The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.

    Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.

    gcePersistentDiskCsiDriverConfig Property Map

    . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable.

    Note: The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.

    gcpFilestoreCsiDriverConfig Property Map
    The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
    gcsFuseCsiDriverConfig Property Map
    The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters with version 1.24 or later; set enabled = true to enable it explicitly. See Enable the Cloud Storage FUSE CSI driver for more information.
    gkeBackupAgentConfig Property Map
    . The status of the Backup for GKE agent addon. It is disabled by default; Set enabled = true to enable.
    horizontalPodAutoscaling Property Map
    The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
    httpLoadBalancing Property Map
    The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
    istioConfig Property Map
    . Structure is documented below.
    kalmConfig Property Map
    . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.
    networkPolicyConfig Property Map
    Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.

    ClusterAddonsConfigCloudrunConfig, ClusterAddonsConfigCloudrunConfigArgs

    Disabled bool
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    LoadBalancerType string
    The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.
    Disabled bool
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    LoadBalancerType string
    The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.
    disabled Boolean
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    loadBalancerType String
    The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.
    disabled boolean
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    loadBalancerType string
    The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.
    disabled bool
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    load_balancer_type str
    The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.
    disabled Boolean
    The status of the CloudRun addon. It is disabled by default. Set disabled=false to enable.
    loadBalancerType String
    The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.

    ClusterAddonsConfigConfigConnectorConfig, ClusterAddonsConfigConfigConnectorConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigDnsCacheConfig, ClusterAddonsConfigDnsCacheConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigGcePersistentDiskCsiDriverConfig, ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigGcpFilestoreCsiDriverConfig, ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigGcsFuseCsiDriverConfig, ClusterAddonsConfigGcsFuseCsiDriverConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigGkeBackupAgentConfig, ClusterAddonsConfigGkeBackupAgentConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigHorizontalPodAutoscaling, ClusterAddonsConfigHorizontalPodAutoscalingArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    ClusterAddonsConfigHttpLoadBalancing, ClusterAddonsConfigHttpLoadBalancingArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    ClusterAddonsConfigIstioConfig, ClusterAddonsConfigIstioConfigArgs

    Disabled bool
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    Auth string
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    Disabled bool
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    Auth string
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled Boolean
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth String
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled boolean
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth string
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled bool
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth str
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.
    disabled Boolean
    The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
    auth String
    The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.

    ClusterAddonsConfigKalmConfig, ClusterAddonsConfigKalmConfigArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    ClusterAddonsConfigNetworkPolicyConfig, ClusterAddonsConfigNetworkPolicyConfigArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    ClusterAuthenticatorGroupsConfig, ClusterAuthenticatorGroupsConfigArgs

    SecurityGroup string
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    SecurityGroup string
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    securityGroup String
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    securityGroup string
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    security_group str
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
    securityGroup String
    The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.

    ClusterBinaryAuthorization, ClusterBinaryAuthorizationArgs

    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    Deprecated:Deprecated in favor of evaluation_mode.

    EvaluationMode string
    Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE.
    Enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    Deprecated:Deprecated in favor of evaluation_mode.

    EvaluationMode string
    Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    Deprecated:Deprecated in favor of evaluation_mode.

    evaluationMode String
    Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE.
    enabled boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    Deprecated:Deprecated in favor of evaluation_mode.

    evaluationMode string
    Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE.
    enabled bool
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    Deprecated:Deprecated in favor of evaluation_mode.

    evaluation_mode str
    Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE.
    enabled Boolean
    Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.

    Deprecated:Deprecated in favor of evaluation_mode.

    evaluationMode String
    Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE.

    ClusterClusterAutoscaling, ClusterClusterAutoscalingArgs

    AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    AutoscalingProfile string
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    Enabled bool
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    ResourceLimits List<ClusterClusterAutoscalingResourceLimit>
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    AutoscalingProfile string
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    Enabled bool
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    ResourceLimits []ClusterClusterAutoscalingResourceLimit
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoscalingProfile String
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled Boolean
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resourceLimits List<ClusterClusterAutoscalingResourceLimit>
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    autoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoscalingProfile string
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled boolean
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resourceLimits ClusterClusterAutoscalingResourceLimit[]
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    auto_provisioning_defaults ClusterClusterAutoscalingAutoProvisioningDefaults
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoscaling_profile str
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled bool
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resource_limits Sequence[ClusterClusterAutoscalingResourceLimit]
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
    autoProvisioningDefaults Property Map
    Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
    autoscalingProfile String
    Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.
    enabled Boolean
    Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
    resourceLimits List<Property Map>
    Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.

    ClusterClusterAutoscalingAutoProvisioningDefaults, ClusterClusterAutoscalingAutoProvisioningDefaultsArgs

    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    DiskSize int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    ImageType string
    The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
    Management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    MinCpuPlatform string
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    OauthScopes List<string>

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    ServiceAccount string
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    ShieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    UpgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools. Structure is documented below.
    BootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    DiskSize int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    DiskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    ImageType string
    The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
    Management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    MinCpuPlatform string
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    OauthScopes []string

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    ServiceAccount string
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    ShieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    UpgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools. Structure is documented below.
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    diskSize Integer
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    imageType String
    The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
    management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    minCpuPlatform String
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauthScopes List<String>

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    serviceAccount String
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    upgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools. Structure is documented below.
    bootDiskKmsKey string
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    diskSize number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    diskType string
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    imageType string
    The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
    management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    minCpuPlatform string
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauthScopes string[]

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    serviceAccount string
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shieldedInstanceConfig ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    upgradeSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools. Structure is documented below.
    boot_disk_kms_key str
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    disk_size int
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    disk_type str
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    image_type str
    The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
    management ClusterClusterAutoscalingAutoProvisioningDefaultsManagement
    NodeManagement configuration for this NodePool. Structure is documented below.
    min_cpu_platform str
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauth_scopes Sequence[str]

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    service_account str
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shielded_instance_config ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig
    Shielded Instance options. Structure is documented below.
    upgrade_settings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings
    Specifies the upgrade settings for NAP created node pools. Structure is documented below.
    bootDiskKmsKey String
    The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
    diskSize Number
    Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
    diskType String
    Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to pd-standard
    imageType String
    The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24
    management Property Map
    NodeManagement configuration for this NodePool. Structure is documented below.
    minCpuPlatform String
    Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
    oauthScopes List<String>

    Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.

    monitoring.write is always enabled regardless of user input. monitoring and logging.write may also be enabled depending on the values for monitoring_service and logging_service.

    serviceAccount String
    The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
    shieldedInstanceConfig Property Map
    Shielded Instance options. Structure is documented below.
    upgradeSettings Property Map
    Specifies the upgrade settings for NAP created node pools. Structure is documented below.

    ClusterClusterAutoscalingAutoProvisioningDefaultsManagement, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs

    AutoRepair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    AutoUpgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    UpgradeOptions List<ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption>
    Specifies the Auto Upgrade knobs for the node pool.
    AutoRepair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    AutoUpgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    UpgradeOptions []ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption
    Specifies the Auto Upgrade knobs for the node pool.
    autoRepair Boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade Boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgradeOptions List<ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption>
    Specifies the Auto Upgrade knobs for the node pool.
    autoRepair boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgradeOptions ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption[]
    Specifies the Auto Upgrade knobs for the node pool.
    auto_repair bool

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    auto_upgrade bool
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgrade_options Sequence[ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption]
    Specifies the Auto Upgrade knobs for the node pool.
    autoRepair Boolean

    Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.

    This block also contains several computed attributes, documented below.

    autoUpgrade Boolean
    Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
    upgradeOptions List<Property Map>
    Specifies the Auto Upgrade knobs for the node pool.

    ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs

    AutoUpgradeStartTime string
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    Description string
    Description of the cluster.
    AutoUpgradeStartTime string
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    Description string
    Description of the cluster.
    autoUpgradeStartTime String
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description String
    Description of the cluster.
    autoUpgradeStartTime string
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description string
    Description of the cluster.
    auto_upgrade_start_time str
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description str
    Description of the cluster.
    autoUpgradeStartTime String
    This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
    description String
    Description of the cluster.

    ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig, ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    EnableIntegrityMonitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    EnableSecureBoot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enable_integrity_monitoring bool

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enable_secure_boot bool

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    enableIntegrityMonitoring Boolean

    Defines if the instance has integrity monitoring enabled.

    Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to true.

    enableSecureBoot Boolean

    Defines if the instance has Secure Boot enabled.

    Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.

    ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs

    BlueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    MaxSurge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    MaxUnavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    Strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default is value is SURGE.
    BlueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    MaxSurge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    MaxUnavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    Strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default is value is SURGE.
    blueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge Integer
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable Integer
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy String
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default is value is SURGE.
    blueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge number
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable number
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy string
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default is value is SURGE.
    blue_green_settings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    max_surge int
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    max_unavailable int
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy str
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default is value is SURGE.
    blueGreenSettings Property Map
    Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    maxSurge Number
    The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    maxUnavailable Number
    The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
    strategy String
    Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default is value is SURGE.

    ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs

    NodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    StandardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    NodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    StandardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration String
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration string
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    node_pool_soak_duration str
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standard_rollout_policy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
    nodePoolSoakDuration String
    Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
    standardRolloutPolicy Property Map
    Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.

    ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs

    BatchNodeCount int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    BatchPercentage double
    Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    BatchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`.
    BatchNodeCount int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    BatchPercentage float64
    Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    BatchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`.
    batchNodeCount Integer
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage Double
    Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration String
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`.
    batchNodeCount number
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage number
    Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration string
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`.
    batch_node_count int
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batch_percentage float
    Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batch_soak_duration str
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`.
    batchNodeCount Number
    Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
    batchPercentage Number
    Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
    batchSoakDuration String
    Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`.

    ClusterClusterAutoscalingResourceLimit, ClusterClusterAutoscalingResourceLimitArgs

    ResourceType string
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    Maximum int
    Maximum amount of the resource in the cluster.
    Minimum int
    Minimum amount of the resource in the cluster.
    ResourceType string
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    Maximum int
    Maximum amount of the resource in the cluster.
    Minimum int
    Minimum amount of the resource in the cluster.
    resourceType String
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum Integer
    Maximum amount of the resource in the cluster.
    minimum Integer
    Minimum amount of the resource in the cluster.
    resourceType string
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum number
    Maximum amount of the resource in the cluster.
    minimum number
    Minimum amount of the resource in the cluster.
    resource_type str
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum int
    Maximum amount of the resource in the cluster.
    minimum int
    Minimum amount of the resource in the cluster.
    resourceType String
    The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
    maximum Number
    Maximum amount of the resource in the cluster.
    minimum Number
    Minimum amount of the resource in the cluster.

    ClusterClusterTelemetry, ClusterClusterTelemetryArgs

    Type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    Type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type String
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type string
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type str
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.
    type String
    Telemetry integration for the cluster. Supported values (ENABLED, DISABLED, SYSTEM_ONLY); SYSTEM_ONLY (Only system components are monitored and logged) is only available in GKE versions 1.15 and later.

    ClusterConfidentialNodes, ClusterConfidentialNodesArgs

    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    Enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled bool
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.
    enabled Boolean
    Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in-use.

    ClusterCostManagementConfig, ClusterCostManagementConfigArgs

    Enabled bool
    Whether to enable the cost allocation feature.
    Enabled bool
    Whether to enable the cost allocation feature.
    enabled Boolean
    Whether to enable the cost allocation feature.
    enabled boolean
    Whether to enable the cost allocation feature.
    enabled bool
    Whether to enable the cost allocation feature.
    enabled Boolean
    Whether to enable the cost allocation feature.

    ClusterDatabaseEncryption, ClusterDatabaseEncryptionArgs

    State string
    ENCRYPTED or DECRYPTED
    KeyName string

    the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    State string
    ENCRYPTED or DECRYPTED
    KeyName string

    the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state String
    ENCRYPTED or DECRYPTED
    keyName String

    the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state string
    ENCRYPTED or DECRYPTED
    keyName string

    the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state str
    ENCRYPTED or DECRYPTED
    key_name str

    the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    state String
    ENCRYPTED or DECRYPTED
    keyName String

    the key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.

    The enable_k8s_beta_apis block supports:

    ClusterDefaultSnatStatus, ClusterDefaultSnatStatusArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    ClusterDnsConfig, ClusterDnsConfigArgs

    ClusterDns string
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    ClusterDnsDomain string
    The suffix used for all cluster service records.
    ClusterDnsScope string
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    ClusterDns string
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    ClusterDnsDomain string
    The suffix used for all cluster service records.
    ClusterDnsScope string
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    clusterDns String
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    clusterDnsDomain String
    The suffix used for all cluster service records.
    clusterDnsScope String
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    clusterDns string
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    clusterDnsDomain string
    The suffix used for all cluster service records.
    clusterDnsScope string
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    cluster_dns str
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    cluster_dns_domain str
    The suffix used for all cluster service records.
    cluster_dns_scope str
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
    clusterDns String
    Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
    clusterDnsDomain String
    The suffix used for all cluster service records.
    clusterDnsScope String
    The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.

    ClusterEnableK8sBetaApis, ClusterEnableK8sBetaApisArgs

    EnabledApis List<string>
    Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
    EnabledApis []string
    Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
    enabledApis List<String>
    Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
    enabledApis string[]
    Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
    enabled_apis Sequence[str]
    Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.
    enabledApis List<String>
    Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See the Configure beta APIs for more information.

    ClusterFleet, ClusterFleetArgs

    Membership string
    Full resource name of the registered fleet membership of the cluster.
    PreRegistered bool
    Whether the cluster has been registered via the fleet API.
    Project string
    The name of the Fleet host project where this cluster will be registered.
    Membership string
    Full resource name of the registered fleet membership of the cluster.
    PreRegistered bool
    Whether the cluster has been registered via the fleet API.
    Project string
    The name of the Fleet host project where this cluster will be registered.
    membership String
    Full resource name of the registered fleet membership of the cluster.
    preRegistered Boolean
    Whether the cluster has been registered via the fleet API.
    project String
    The name of the Fleet host project where this cluster will be registered.
    membership string
    Full resource name of the registered fleet membership of the cluster.
    preRegistered boolean
    Whether the cluster has been registered via the fleet API.
    project string
    The name of the Fleet host project where this cluster will be registered.
    membership str
    Full resource name of the registered fleet membership of the cluster.
    pre_registered bool
    Whether the cluster has been registered via the fleet API.
    project str
    The name of the Fleet host project where this cluster will be registered.
    membership String
    Full resource name of the registered fleet membership of the cluster.
    preRegistered Boolean
    Whether the cluster has been registered via the fleet API.
    project String
    The name of the Fleet host project where this cluster will be registered.

    ClusterGatewayApiConfig, ClusterGatewayApiConfigArgs

    Channel string
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    Channel string
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel String
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel string
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel str
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.
    channel String
    Which Gateway Api channel should be used. CHANNEL_DISABLED, CHANNEL_EXPERIMENTAL or CHANNEL_STANDARD.

    ClusterIdentityServiceConfig, ClusterIdentityServiceConfigArgs

    Enabled bool
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    Enabled bool
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled Boolean
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled boolean
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled bool
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
    enabled Boolean
    Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.

    ClusterIpAllocationPolicy, ClusterIpAllocationPolicyArgs

    AdditionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    ClusterIpv4CidrBlock string
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ClusterSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    PodCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    ServicesIpv4CidrBlock string
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ServicesSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    StackType string
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    AdditionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    ClusterIpv4CidrBlock string
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ClusterSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    PodCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    ServicesIpv4CidrBlock string
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    ServicesSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    StackType string
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    clusterIpv4CidrBlock String
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    clusterSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    podCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    servicesIpv4CidrBlock String
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    servicesSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stackType String
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    clusterIpv4CidrBlock string
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    clusterSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    podCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    servicesIpv4CidrBlock string
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    servicesSecondaryRangeName string
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stackType string
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additional_pod_ranges_config ClusterIpAllocationPolicyAdditionalPodRangesConfig
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    cluster_ipv4_cidr_block str
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    cluster_secondary_range_name str
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    pod_cidr_overprovision_config ClusterIpAllocationPolicyPodCidrOverprovisionConfig
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    services_ipv4_cidr_block str
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    services_secondary_range_name str
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stack_type str
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.
    additionalPodRangesConfig Property Map
    The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and Standard clusters with which control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
    clusterIpv4CidrBlock String
    The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    clusterSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    podCidrOverprovisionConfig Property Map
    Configuration for cluster level pod cidr overprovision. Default is disabled=false.
    servicesIpv4CidrBlock String
    The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
    servicesSecondaryRangeName String
    The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
    stackType String
    The IP Stack Type of the cluster. Default value is IPV4. Possible values are IPV4 and IPV4_IPV6.

    ClusterIpAllocationPolicyAdditionalPodRangesConfig, ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs

    PodRangeNames List<string>
    The names of the Pod ranges to add to the cluster.
    PodRangeNames []string
    The names of the Pod ranges to add to the cluster.
    podRangeNames List<String>
    The names of the Pod ranges to add to the cluster.
    podRangeNames string[]
    The names of the Pod ranges to add to the cluster.
    pod_range_names Sequence[str]
    The names of the Pod ranges to add to the cluster.
    podRangeNames List<String>
    The names of the Pod ranges to add to the cluster.

    ClusterIpAllocationPolicyPodCidrOverprovisionConfig, ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    Disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled bool

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    disabled Boolean

    Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic

    The cluster_telemetry block supports

    ClusterLoggingConfig, ClusterLoggingConfigArgs

    EnableComponents List<string>
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    EnableComponents []string
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enableComponents List<String>
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enableComponents string[]
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enable_components Sequence[str]
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
    enableComponents List<String>
    The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.

    ClusterMaintenancePolicy, ClusterMaintenancePolicyArgs

    DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    MaintenanceExclusions List<ClusterMaintenancePolicyMaintenanceExclusion>
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
    RecurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    
    return await Deployment.RunAsync(() => 
    {
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    DailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    MaintenanceExclusions []ClusterMaintenancePolicyMaintenanceExclusion
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
    RecurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    
    return await Deployment.RunAsync(() => 
    {
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    maintenanceExclusions List<ClusterMaintenancePolicyMaintenanceExclusion>
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
    recurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    
    return await Deployment.RunAsync(() => 
    {
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    dailyMaintenanceWindow ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    maintenanceExclusions ClusterMaintenancePolicyMaintenanceExclusion[]
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
    recurringWindow ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    
    return await Deployment.RunAsync(() => 
    {
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    daily_maintenance_window ClusterMaintenancePolicyDailyMaintenanceWindow

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    maintenance_exclusions Sequence[ClusterMaintenancePolicyMaintenanceExclusion]
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
    recurring_window ClusterMaintenancePolicyRecurringWindow

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    
    return await Deployment.RunAsync(() => 
    {
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    dailyMaintenanceWindow Property Map

    Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT. For example:

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    maintenanceExclusions List<Property Map>
    Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time Maintenance Window and Exclusions
    recurringWindow Property Map

    Time window for recurring maintenance operations.

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    
    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    
    return await Deployment.RunAsync(() => 
    {
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    ClusterMaintenancePolicyDailyMaintenanceWindow, ClusterMaintenancePolicyDailyMaintenanceWindowArgs

    StartTime string
    Duration string
    StartTime string
    Duration string
    startTime String
    duration String
    startTime string
    duration string
    startTime String
    duration String

    ClusterMaintenancePolicyMaintenanceExclusion, ClusterMaintenancePolicyMaintenanceExclusionArgs

    EndTime string
    ExclusionName string
    StartTime string
    ExclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    EndTime string
    ExclusionName string
    StartTime string
    ExclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    endTime String
    exclusionName String
    startTime String
    exclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    endTime string
    exclusionName string
    startTime string
    exclusionOptions ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    end_time str
    exclusion_name str
    start_time str
    exclusion_options ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions
    MaintenanceExclusionOptions provides maintenance exclusion related options.
    endTime String
    exclusionName String
    startTime String
    exclusionOptions Property Map
    MaintenanceExclusionOptions provides maintenance exclusion related options.

    ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions, ClusterMaintenancePolicyMaintenanceExclusionExclusionOptionsArgs

    Scope string

    The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES

    Specify start_time and end_time in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration.Specify recurrence in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.

    Examples:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}