gcp.container.Cluster
Manages a Google Kubernetes Engine (GKE) cluster. For more information see the official documentation and the API reference.
Warning: All arguments and attributes, including basic auth usernames and passwords as well as certificate outputs, will be stored in the raw state as plaintext. Read more about secrets in state.
Example Usage
With A Separately Managed Node Pool (Recommended)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Declares a dedicated node service account, a cluster whose default node pool
// is removed, and a separately managed preemptible node pool.
return await Deployment.RunAsync(() =>
{
    // Identity the node pool runs as, instead of the project's default
    // Compute Engine service account.
    var nodeServiceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        AccountId = "service-account-id",
        DisplayName = "Service Account",
    });

    // A cluster cannot be created without a node pool, so the smallest possible
    // default pool is requested and removed again right after creation.
    var primary = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        Location = "us-central1",
        RemoveDefaultNodePool = true,
        InitialNodeCount = 1,
    });

    // The cloud-platform scope is broad; what the nodes can actually reach is
    // then bounded by the IAM roles granted to the service account above, so
    // keep those roles minimal.
    var preemptibleNodeConfig = new Gcp.Container.Inputs.NodePoolNodeConfigArgs
    {
        Preemptible = true,
        MachineType = "e2-medium",
        ServiceAccount = nodeServiceAccount.Email,
        OauthScopes = new[]
        {
            "https://www.googleapis.com/auth/cloud-platform",
        },
    };

    var primaryPreemptibleNodes = new Gcp.Container.NodePool("primaryPreemptibleNodes", new Gcp.Container.NodePoolArgs
    {
        Location = "us-central1",
        Cluster = primary.Name,
        NodeCount = 1,
        NodeConfig = preemptibleNodeConfig,
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
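// main declares a dedicated node service account, a cluster whose default node
// pool is removed, and a separately managed preemptible node pool.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the account handle: the node pool below runs as this identity.
		// The original listing discarded it with `_` and then referenced an
		// undefined `_default`, which does not compile.
		nodeAccount, err := serviceAccount.NewAccount(ctx, "default", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		})
		if err != nil {
			return err
		}

		// A cluster cannot be created without a node pool, so the smallest
		// possible default pool is requested and removed right after creation.
		primary, err := container.NewCluster(ctx, "primary", &container.ClusterArgs{
			Location:              pulumi.String("us-central1"),
			RemoveDefaultNodePool: pulumi.Bool(true),
			InitialNodeCount:      pulumi.Int(1),
		})
		if err != nil {
			return err
		}

		_, err = container.NewNodePool(ctx, "primaryPreemptibleNodes", &container.NodePoolArgs{
			Location:  pulumi.String("us-central1"),
			Cluster:   primary.Name,
			NodeCount: pulumi.Int(1),
			NodeConfig: &container.NodePoolNodeConfigArgs{
				Preemptible: pulumi.Bool(true),
				MachineType: pulumi.String("e2-medium"),
				// The cloud-platform scope is broad; effective access is then
				// bounded by the IAM roles granted to this service account,
				// so keep those roles minimal.
				ServiceAccount: nodeAccount.Email,
				OauthScopes: pulumi.StringArray{
					pulumi.String("https://www.googleapis.com/auth/cloud-platform"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}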
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.container.NodePool;
import com.pulumi.gcp.container.NodePoolArgs;
import com.pulumi.gcp.container.inputs.NodePoolNodeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares a dedicated node service account, a cluster whose default node pool
 * is removed, and a separately managed preemptible node pool.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the three resources of the stack.
     *
     * @param ctx deployment context supplied by the Pulumi runtime
     */
    public static void stack(Context ctx) {
        // Identity the node pool runs as, instead of the project's default
        // Compute Engine service account.
        var nodeAccount = new Account("default", AccountArgs.builder()
            .accountId("service-account-id")
            .displayName("Service Account")
            .build());

        // A cluster cannot be created without a node pool, so the smallest
        // possible default pool is requested and removed right after creation.
        var primary = new Cluster("primary", ClusterArgs.builder()
            .location("us-central1")
            .removeDefaultNodePool(true)
            .initialNodeCount(1)
            .build());

        // The cloud-platform scope is broad; effective access is then bounded
        // by the IAM roles granted to the service account, so keep them minimal.
        var preemptibleNodeConfig = NodePoolNodeConfigArgs.builder()
            .preemptible(true)
            .machineType("e2-medium")
            .serviceAccount(nodeAccount.email())
            .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
            .build();

        var primaryPreemptibleNodes = new NodePool("primaryPreemptibleNodes", NodePoolArgs.builder()
            .location("us-central1")
            .cluster(primary.name())
            .nodeCount(1)
            .nodeConfig(preemptibleNodeConfig)
            .build());
    }
}
import pulumi
import pulumi_gcp as gcp
# Identity the node pool runs as, instead of the project's default
# Compute Engine service account.
default = gcp.service_account.Account(
    "default",
    account_id="service-account-id",
    display_name="Service Account",
)

# A cluster cannot be created without a node pool, so the smallest possible
# default pool is requested and removed again right after creation.
primary = gcp.container.Cluster(
    "primary",
    location="us-central1",
    remove_default_node_pool=True,
    initial_node_count=1,
)

# The cloud-platform scope is broad; effective access is then bounded by the
# IAM roles granted to the service account above, so keep those roles minimal.
preemptible_node_config = gcp.container.NodePoolNodeConfigArgs(
    preemptible=True,
    machine_type="e2-medium",
    service_account=default.email,
    oauth_scopes=["https://www.googleapis.com/auth/cloud-platform"],
)

primary_preemptible_nodes = gcp.container.NodePool(
    "primaryPreemptibleNodes",
    location="us-central1",
    cluster=primary.name,
    node_count=1,
    node_config=preemptible_node_config,
)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Identity the node pool runs as, instead of the project's default
// Compute Engine service account.
const _default = new gcp.serviceaccount.Account("default", {
    accountId: "service-account-id",
    displayName: "Service Account",
});

// A cluster cannot be created without a node pool, so the smallest possible
// default pool is requested and removed again right after creation.
const primary = new gcp.container.Cluster("primary", {
    location: "us-central1",
    removeDefaultNodePool: true,
    initialNodeCount: 1,
});

// The cloud-platform scope is broad; effective access is then bounded by the
// IAM roles granted to the service account above, so keep those roles minimal.
const preemptibleNodeConfig = {
    preemptible: true,
    machineType: "e2-medium",
    serviceAccount: _default.email,
    oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"],
};

const primaryPreemptibleNodes = new gcp.container.NodePool("primaryPreemptibleNodes", {
    location: "us-central1",
    cluster: primary.name,
    nodeCount: 1,
    nodeConfig: preemptibleNodeConfig,
});
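resources:
  # Identity the node pool runs as, instead of the project's default
  # Compute Engine service account.
  default:
    type: gcp:serviceAccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  primary:
    type: gcp:container:Cluster
    properties:
      location: us-central1
      # We can't create a cluster with no node pool defined, but we want to only use
      # separately managed node pools. So we create the smallest possible default
      # node pool and immediately delete it.
      removeDefaultNodePool: true
      initialNodeCount: 1
  primaryPreemptibleNodes:
    type: gcp:container:NodePool
    properties:
      location: us-central1
      cluster: ${primary.name}
      nodeCount: 1
      nodeConfig:
        preemptible: true
        machineType: e2-medium
        # The cloud-platform scope is broad; effective access is then bounded
        # by the IAM roles granted to this service account, so keep them minimal.
        serviceAccount: ${default.email}
        oauthScopes:
          - https://www.googleapis.com/auth/cloud-platform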
With The Default Node Pool
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Declares a service account and an Autopilot-enabled cluster.
// NOTE(review): this variant enables Autopilot, while the Java and YAML
// variants under the same heading configure a default node pool that runs as
// the service account. Here the account is created but the cluster does not
// reference it.
return await Deployment.RunAsync(() =>
{
    var serviceAccount = new Gcp.ServiceAccount.Account("default", new Gcp.ServiceAccount.AccountArgs
    {
        AccountId = "service-account-id",
        DisplayName = "Service Account",
    });

    var primary = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
    {
        Location = "us-central1-a",
        EnableAutopilot = true,
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/container"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a service account and an Autopilot-enabled cluster.
//
// NOTE(review): this variant enables Autopilot, while the Java and YAML
// variants under the same heading configure a default node pool that runs as
// the service account. Here the account is created but the cluster does not
// reference it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		accountArgs := &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		}
		if _, err := serviceAccount.NewAccount(ctx, "default", accountArgs); err != nil {
			return err
		}

		clusterArgs := &container.ClusterArgs{
			EnableAutopilot: pulumi.Bool(true),
			Location:        pulumi.String("us-central1-a"),
		}
		// The cluster handle is not needed afterwards; only the error matters.
		_, err := container.NewCluster(ctx, "primary", clusterArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import com.pulumi.gcp.container.inputs.ClusterNodeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
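/**
 * Declares a service account and a cluster whose default node pool runs as
 * that account.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the service account and the cluster.
     *
     * @param ctx deployment context supplied by the Pulumi runtime
     */
    public static void stack(Context ctx) {
        // Identity the default node pool runs as, instead of the project's
        // default Compute Engine service account.
        var default_ = new Account("default", AccountArgs.builder()
            .accountId("service-account-id")
            .displayName("Service Account")
            .build());

        var primary = new Cluster("primary", ClusterArgs.builder()
            .location("us-central1-a")
            .initialNodeCount(3)
            .nodeConfig(ClusterNodeConfigArgs.builder()
                // The cloud-platform scope is broad; effective access is then
                // bounded by the IAM roles granted to this service account,
                // so keep those roles minimal.
                .serviceAccount(default_.email())
                .oauthScopes("https://www.googleapis.com/auth/cloud-platform")
                .labels(Map.of("foo", "bar"))
                .tags(
                    "foo",
                    "bar")
                .build())
            // The generated listing had a `.timeouts(...)` call here whose
            // argument was a code-generator panic message rather than Java, so
            // it is dropped. The YAML variant of this example lists
            // create: 30m / update: 40m; operation timeouts are a resource
            // option, so they would be passed through the
            // CustomResourceOptions constructor overload, not ClusterArgs.
            .build());
    }
}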
import pulumi
import pulumi_gcp as gcp
# NOTE(review): this variant enables Autopilot, while the Java and YAML
# variants under the same heading configure a default node pool that runs as
# the service account. Here the account is created but the cluster does not
# reference it.
default = gcp.service_account.Account(
    "default",
    account_id="service-account-id",
    display_name="Service Account",
)

primary = gcp.container.Cluster(
    "primary",
    location="us-central1-a",
    enable_autopilot=True,
)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// NOTE(review): this variant enables Autopilot, while the Java and YAML
// variants under the same heading configure a default node pool that runs as
// the service account. Here the account is created but the cluster does not
// reference it.
const _default = new gcp.serviceaccount.Account("default", {
    displayName: "Service Account",
    accountId: "service-account-id",
});

const primary = new gcp.container.Cluster("primary", {
    location: "us-central1-a",
    enableAutopilot: true,
});
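resources:
  # Identity the default node pool runs as, instead of the project's default
  # Compute Engine service account.
  default:
    type: gcp:serviceAccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  primary:
    type: gcp:container:Cluster
    properties:
      location: us-central1-a
      initialNodeCount: 3
      nodeConfig:
        # The cloud-platform scope is broad; effective access is then bounded
        # by the IAM roles granted to this service account, so keep them minimal.
        serviceAccount: ${default.email}
        oauthScopes:
          - https://www.googleapis.com/auth/cloud-platform
        labels:
          foo: bar
        tags:
          - foo
          - bar
    # The generated listing placed `timeouts` among the cluster properties as a
    # one-element list. Operation timeouts are a resource option, so the same
    # values are expressed here under options.customTimeouts.
    options:
      customTimeouts:
        create: 30m
        update: 40m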
Autopilot
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.container.Cluster;
import com.pulumi.gcp.container.ClusterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares a service account and an Autopilot-enabled cluster.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the service account and the Autopilot cluster.
     *
     * @param ctx deployment context supplied by the Pulumi runtime
     */
    public static void stack(Context ctx) {
        // NOTE(review): the account is created but the cluster below does not
        // reference it.
        var accountArgs = AccountArgs.builder()
            .accountId("service-account-id")
            .displayName("Service Account")
            .build();
        var serviceAccount = new Account("default", accountArgs);

        var clusterArgs = ClusterArgs.builder()
            .enableAutopilot(true)
            .location("us-central1-a")
            .build();
        var autopilotCluster = new Cluster("primary", clusterArgs);
    }
}
Coming soon!
Coming soon!
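resources:
  # NOTE(review): the account is created but the cluster below does not
  # reference it.
  default:
    type: gcp:serviceAccount:Account
    properties:
      accountId: service-account-id
      displayName: Service Account
  # Autopilot-enabled cluster; no node pool is declared here.
  primary:
    type: gcp:container:Cluster
    properties:
      enableAutopilot: true
      location: us-central1-a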
Create Cluster Resource
new Cluster(name: string, args?: ClusterArgs, opts?: CustomResourceOptions);
@overload
def Cluster(resource_name: str,
opts: Optional[ResourceOptions] = None,
addons_config: Optional[ClusterAddonsConfigArgs] = None,
allow_net_admin: Optional[bool] = None,
authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
cluster_ipv4_cidr: Optional[str] = None,
cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
datapath_provider: Optional[str] = None,
default_max_pods_per_node: Optional[int] = None,
default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
description: Optional[str] = None,
dns_config: Optional[ClusterDnsConfigArgs] = None,
enable_autopilot: Optional[bool] = None,
enable_binary_authorization: Optional[bool] = None,
enable_fqdn_network_policy: Optional[bool] = None,
enable_intranode_visibility: Optional[bool] = None,
enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
enable_kubernetes_alpha: Optional[bool] = None,
enable_l4_ilb_subsetting: Optional[bool] = None,
enable_legacy_abac: Optional[bool] = None,
enable_multi_networking: Optional[bool] = None,
enable_shielded_nodes: Optional[bool] = None,
enable_tpu: Optional[bool] = None,
gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
initial_node_count: Optional[int] = None,
ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
location: Optional[str] = None,
logging_config: Optional[ClusterLoggingConfigArgs] = None,
logging_service: Optional[str] = None,
maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
master_auth: Optional[ClusterMasterAuthArgs] = None,
master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
min_master_version: Optional[str] = None,
monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
monitoring_service: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
network_policy: Optional[ClusterNetworkPolicyArgs] = None,
networking_mode: Optional[str] = None,
node_config: Optional[ClusterNodeConfigArgs] = None,
node_locations: Optional[Sequence[str]] = None,
node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
node_version: Optional[str] = None,
notification_config: Optional[ClusterNotificationConfigArgs] = None,
pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
private_ipv6_google_access: Optional[str] = None,
project: Optional[str] = None,
protect_config: Optional[ClusterProtectConfigArgs] = None,
release_channel: Optional[ClusterReleaseChannelArgs] = None,
remove_default_node_pool: Optional[bool] = None,
resource_labels: Optional[Mapping[str, str]] = None,
resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
subnetwork: Optional[str] = None,
tpu_config: Optional[ClusterTpuConfigArgs] = None,
vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None)
@overload
def Cluster(resource_name: str,
args: Optional[ClusterArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewCluster(ctx *Context, name string, args *ClusterArgs, opts ...ResourceOption) (*Cluster, error)
public Cluster(string name, ClusterArgs? args = null, CustomResourceOptions? opts = null)
public Cluster(String name, ClusterArgs args)
public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
type: gcp:container:Cluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Cluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Cluster resource accepts the following input properties:
- Addons
Config ClusterAddons Config The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Configuration options for the Binary Authorization feature. Structure is documented below.
- Cluster
Autoscaling ClusterCluster Autoscaling Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- Cluster
Ipv4Cidr string The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- Cluster
Telemetry ClusterCluster Telemetry Configuration for ClusterTelemetry feature, Structure is documented below.
- Confidential
Nodes ClusterConfidential Nodes Configuration for Confidential Nodes feature. Structure is documented below documented below.
- Cost
Management ClusterConfig Cost Management Config Configuration for the Cost Allocation feature. Structure is documented below.
- Database
Encryption ClusterDatabase Encryption Structure is documented below.
- Datapath
Provider string The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- Default
Max intPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- Default
Snat ClusterStatus Default Snat Status GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- Description string
Description of the cluster.
- Dns
Config ClusterDns Config Configuration for Using Cloud DNS for GKE. Structure is documented below.
- EnableAutopilot bool
Enable Autopilot for this cluster. Defaults to `false`. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- EnableBinaryAuthorization bool
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
Deprecated: Deprecated in favor of binary_authorization.
- Enable
Fqdn boolNetwork Policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- Enable
Intranode boolVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- Enable
K8s ClusterBeta Apis Enable K8s Beta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- Enable
Kubernetes boolAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- Enable
L4Ilb boolSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- Enable
Multi boolNetworking ) Whether multi-networking is enabled for this cluster.
- EnableShieldedNodes bool
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- EnableTpu bool
Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- Gateway
Api ClusterConfig Gateway Api Config Configuration for GKE Gateway API controller. Structure is documented below.
- Identity
Service ClusterConfig Identity Service Config . Structure is documented below.
- Initial
Node intCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- Ip
Allocation ClusterPolicy Ip Allocation Policy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- Location string
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- Logging
Config ClusterLogging Config Logging configuration for the cluster. Structure is documented below.
- Logging
Service string The logging service that the cluster should write logs to. Available options include
logging.googleapis.com
(Legacy Stackdriver),logging.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Logging), andnone
. Defaults tologging.googleapis.com/kubernetes
- Maintenance
Policy ClusterMaintenance Policy The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuth
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- MeshCertificates ClusterMeshCertificates
Structure is documented below.
- Min
Master stringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- Monitoring
Config ClusterMonitoring Config Monitoring configuration for the cluster. Structure is documented below.
- Monitoring
Service string The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include
monitoring.googleapis.com
(Legacy Stackdriver),monitoring.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Monitoring), andnone
. Defaults tomonitoring.googleapis.com/kubernetes
- Name string
The name of the cluster, unique within the project and location.
- Network string
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- Network
Policy ClusterNetwork Policy Configuration options for the NetworkPolicy feature. Structure is documented below.
- Networking
Mode string Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- Node
Config ClusterNode Config Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- Node
Locations List<string> The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- Node
Pool ClusterAuto Config Node Pool Auto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- Node
Pool ClusterDefaults Node Pool Defaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- Node
Pools List<ClusterNode Pool> List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- Node
Version string The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- Notification
Config ClusterNotification Config Configuration for the cluster upgrade notifications feature. Structure is documented below.
- Pod
Security ClusterPolicy Config Pod Security Policy Config ) Configuration for the PodSecurityPolicy feature. Structure is documented below.
- PrivateClusterConfig ClusterPrivateClusterConfig
Configuration for private clusters, clusters with private nodes. Structure is documented below.
- Private
Ipv6Google stringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protect
Config ClusterProtect Config ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- Release
Channel ClusterRelease Channel Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- Remove
Default boolNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- Resource
Labels Dictionary<string, string> The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- Resource
Usage ClusterExport Config Resource Usage Export Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- Security
Posture ClusterConfig Security Posture Config Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- Service
External ClusterIps Config Service External Ips Config Structure is documented below.
- Subnetwork string
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- Tpu
Config ClusterTpu Config TPU configuration for the cluster.
- Vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadIdentityConfig ClusterWorkloadIdentityConfig
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- Addons
Config ClusterAddons Config Args The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfigArgs
Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Args Configuration options for the Binary Authorization feature. Structure is documented below.
- Cluster
Autoscaling ClusterCluster Autoscaling Args Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- Cluster
Ipv4Cidr string The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- Cluster
Telemetry ClusterCluster Telemetry Args Configuration for ClusterTelemetry feature, Structure is documented below.
- Confidential
Nodes ClusterConfidential Nodes Args Configuration for Confidential Nodes feature. Structure is documented below documented below.
- Cost
Management ClusterConfig Cost Management Config Args Configuration for the Cost Allocation feature. Structure is documented below.
- Database
Encryption ClusterDatabase Encryption Args Structure is documented below.
- Datapath
Provider string The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- Default
Max intPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- Default
Snat ClusterStatus Default Snat Status Args GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- Description string
Description of the cluster.
- Dns
Config ClusterDns Config Args Configuration for Using Cloud DNS for GKE. Structure is documented below.
- Enable
Autopilot bool Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- bool
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- EnableFqdnNetworkPolicy bool
Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- EnableIntranodeVisibility bool
Whether intra-node visibility is enabled for this cluster. This makes pod-to-pod traffic on the same node visible to the VPC network.
- Enable
K8s ClusterBeta Apis Enable K8s Beta Apis Args Configuration for Kubernetes Beta APIs. Structure is documented below.
- Enable
Kubernetes boolAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- Enable
L4Ilb boolSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- Enable
Multi boolNetworking ) Whether multi-networking is enabled for this cluster.
- EnableShieldedNodes bool
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- Enable
Tpu bool Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- Gateway
Api ClusterConfig Gateway Api Config Args Configuration for GKE Gateway API controller. Structure is documented below.
- Identity
Service ClusterConfig Identity Service Config Args . Structure is documented below.
- Initial
Node intCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- Ip
Allocation ClusterPolicy Ip Allocation Policy Args Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- Location string
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- Logging
Config ClusterLogging Config Args Logging configuration for the cluster. Structure is documented below.
- LoggingService string
The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- Maintenance
Policy ClusterMaintenance Policy Args The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuthArgs
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Per the warning at the top of this page, values in this block are stored in the raw state as plaintext. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- Mesh
Certificates ClusterMesh Certificates Args Structure is documented below.
- Min
Master stringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- Monitoring
Config ClusterMonitoring Config Args Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- Name string
The name of the cluster, unique within the project and location.
- Network string
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- Network
Policy ClusterNetwork Policy Args Configuration options for the NetworkPolicy feature. Structure is documented below.
- Networking
Mode string Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- Node
Config ClusterNode Config Args Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- Node
Locations []string The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- Node
Pool ClusterAuto Config Node Pool Auto Config Args ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- Node
Pool ClusterDefaults Node Pool Defaults Args Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- Node
Pools []ClusterNode Pool Args List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- Node
Version string The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- Notification
Config ClusterNotification Config Args Configuration for the cluster upgrade notifications feature. Structure is documented below.
- PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- Private
Cluster ClusterConfig Private Cluster Config Args Configuration for private clusters, clusters with private nodes. Structure is documented below.
- PrivateIpv6GoogleAccess string
The desired state of IPv6 connectivity to Google Services. By default, there is no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
The ID of the project to which the resource belongs. If it is not provided, the provider project is used.
- ProtectConfig ClusterProtectConfigArgs
Enable/Disable Protect API features for the cluster. Structure is documented below.
- ReleaseChannel ClusterReleaseChannelArgs
Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See "Selecting a new release channel" for more details; the `gcp.container.getEngineVersions` datasource can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- Remove
Default boolNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- Resource
Labels map[string]string The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- Resource
Usage ClusterExport Config Resource Usage Export Config Args Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- Security
Posture ClusterConfig Security Posture Config Args Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- Service
External ClusterIps Config Service External Ips Config Args Structure is documented below.
- Subnetwork string
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- Tpu
Config ClusterTpu Config Args TPU configuration for the cluster.
- Vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Args Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- Workload
Identity ClusterConfig Workload Identity Config Args Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons
Config ClusterAddons Config The configuration for addons supported by GKE. Structure is documented below.
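- allowNetAdmin Boolean
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`). NET_ADMIN is the Linux capability that lets a workload modify network configuration, so leave this off unless a workload needs it.
- authenticator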
Groups ClusterConfig Authenticator Groups Config Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster
Autoscaling ClusterCluster Autoscaling Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster
Ipv4Cidr String The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster
Telemetry ClusterCluster Telemetry Configuration for ClusterTelemetry feature, Structure is documented below.
- confidential
Nodes ClusterConfidential Nodes Configuration for the Confidential Nodes feature. Structure is documented below.
- cost
Management ClusterConfig Cost Management Config Configuration for the Cost Allocation feature. Structure is documented below.
- database
Encryption ClusterDatabase Encryption Structure is documented below.
- datapath
Provider String The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default
Max IntegerPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default
Snat ClusterStatus Default Snat Status GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description String
Description of the cluster.
- dns
Config ClusterDns Config Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable
Autopilot Boolean Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- Boolean
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enable
Fqdn BooleanNetwork Policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- enable
Intranode BooleanVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable
K8s ClusterBeta Apis Enable K8s Beta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable
Kubernetes BooleanAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable
L4Ilb BooleanSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac Boolean
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- enable
Multi BooleanNetworking ) Whether multi-networking is enabled for this cluster.
- enableShieldedNodes Boolean
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- enable
Tpu Boolean Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- gateway
Api ClusterConfig Gateway Api Config Configuration for GKE Gateway API controller. Structure is documented below.
- identity
Service ClusterConfig Identity Service Config . Structure is documented below.
- initial
Node IntegerCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- ip
Allocation ClusterPolicy Ip Allocation Policy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- location String
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging
Config ClusterLogging Config Logging configuration for the cluster. Structure is documented below.
- loggingService String
The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenance
Policy ClusterMaintenance Policy The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMasterAuth
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Per the warning at the top of this page, values in this block are stored in the raw state as plaintext. Structure is documented below.
- masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- mesh
Certificates ClusterMesh Certificates Structure is documented below.
- min
Master StringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring
Config ClusterMonitoring Config Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
The name of the cluster, unique within the project and location.
- network String
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network
Policy ClusterNetwork Policy Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking
Mode String Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- node
Config ClusterNode Config Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node
Locations List<String> The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node
Pool ClusterAuto Config Node Pool Auto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node
Pool ClusterDefaults Node Pool Defaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node
Pools List<ClusterNode Pool> List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node
Version String The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification
Config ClusterNotification Config Configuration for the cluster upgrade notifications feature. Structure is documented below.
- podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private
Cluster ClusterConfig Private Cluster Config Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private
Ipv6Google StringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig ClusterProtectConfig
Enable/Disable Protect API features for the cluster. Structure is documented below.
- release
Channel ClusterRelease Channel Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove
Default BooleanNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource
Labels Map<String,String> The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource
Usage ClusterExport Config Resource Usage Export Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- security
Posture ClusterConfig Security Posture Config Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- service
External ClusterIps Config Service External Ips Config Structure is documented below.
- subnetwork String
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu
Config ClusterTpu Config TPU configuration for the cluster.
- vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload
Identity ClusterConfig Workload Identity Config Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons
Config ClusterAddons Config The configuration for addons supported by GKE. Structure is documented below.
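- allowNetAdmin boolean
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`). NET_ADMIN is the Linux capability that lets a workload modify network configuration, so leave this off unless a workload needs it.
- authenticator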
Groups ClusterConfig Authenticator Groups Config Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster
Autoscaling ClusterCluster Autoscaling Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster
Ipv4Cidr string The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster
Telemetry ClusterCluster Telemetry Configuration for ClusterTelemetry feature, Structure is documented below.
- confidential
Nodes ClusterConfidential Nodes Configuration for the Confidential Nodes feature. Structure is documented below.
- cost
Management ClusterConfig Cost Management Config Configuration for the Cost Allocation feature. Structure is documented below.
- database
Encryption ClusterDatabase Encryption Structure is documented below.
- datapath
Provider string The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default
Max numberPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default
Snat ClusterStatus Default Snat Status GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description string
Description of the cluster.
- dns
Config ClusterDns Config Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable
Autopilot boolean Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- boolean
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enable
Fqdn booleanNetwork Policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- enable
Intranode booleanVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable
K8s ClusterBeta Apis Enable K8s Beta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable
Kubernetes booleanAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable
L4Ilb booleanSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac boolean
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- enable
Multi booleanNetworking ) Whether multi-networking is enabled for this cluster.
- enableShieldedNodes boolean
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- enable
Tpu boolean Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- gateway
Api ClusterConfig Gateway Api Config Configuration for GKE Gateway API controller. Structure is documented below.
- identity
Service ClusterConfig Identity Service Config . Structure is documented below.
- initialNodeCount number
The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ip
Allocation ClusterPolicy Ip Allocation Policy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- location string
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as `us-central1-a`), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as `us-west1`), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
- logging
Config ClusterLogging Config Logging configuration for the cluster. Structure is documented below.
- loggingService string
The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenance
Policy ClusterMaintenance Policy The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMasterAuth
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- mesh
Certificates ClusterMesh Certificates Structure is documented below.
- minMasterVersion string
The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only `master_version` field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the `gcp.container.getEngineVersions` data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.
If you are using the `gcp.container.getEngineVersions` datasource with a regional cluster, ensure that you have provided a `location` to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.
- monitoring
Config ClusterMonitoring Config Monitoring configuration for the cluster. Structure is documented below.
- monitoringService string
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name string
The name of the cluster, unique within the project and location.
- network string
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network
Policy ClusterNetwork Policy Configuration options for the NetworkPolicy feature. Structure is documented below.
- networkingMode string
Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing, and requires the `ip_allocation_policy` block to be defined. By default, when this field is unspecified and no `ip_allocation_policy` blocks are set, GKE will create a `ROUTES`-based cluster.
- node
Config ClusterNode Config Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node
Locations string[] The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node
Pool ClusterAuto Config Node Pool Auto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node
Pool ClusterDefaults Node Pool Defaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node
Pools ClusterNode Pool[] List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node
Version string The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification
Config ClusterNotification Config Configuration for the cluster upgrade notifications feature. Structure is documented below.
- pod
Security ClusterPolicy Config Pod Security Policy Config ) Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private
Cluster ClusterConfig Private Cluster Config Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private
Ipv6Google stringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect
Config ClusterProtect Config ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- releaseChannel ClusterReleaseChannel
Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See "Selecting a new release channel" for more details; the `gcp.container.getEngineVersions` datasource can provide the default version for a channel. Note that removing the `release_channel` field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is documented below.
- removeDefaultNodePool boolean
If `true`, deletes the default node pool upon cluster creation. If you're using `gcp.container.NodePool` resources with no default node pool, this should be set to `true`, alongside setting `initial_node_count` to at least `1`.
- resource
Labels {[key: string]: string} The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource
Usage ClusterExport Config Resource Usage Export Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- security
Posture ClusterConfig Security Posture Config Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- service
External ClusterIps Config Service External Ips Config Structure is documented below.
- subnetwork string
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu
Config ClusterTpu Config TPU configuration for the cluster.
- vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload
Identity ClusterConfig Workload Identity Config Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons_
config ClusterAddons Config Args The configuration for addons supported by GKE. Structure is documented below.
- allow_net_admin bool
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticator_
groups_ Clusterconfig Authenticator Groups Config Args Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Args Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster_
autoscaling ClusterCluster Autoscaling Args Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster_ipv4_cidr str
The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. `10.96.0.0/14`). Leave blank to have one automatically chosen or specify a `/14` block in `10.0.0.0/8`. This field will only work for routes-based clusters, where `ip_allocation_policy` is not defined.
- cluster_telemetry ClusterClusterTelemetryArgs
Configuration for ClusterTelemetry feature. Structure is documented below.
- confidential_nodes ClusterConfidentialNodesArgs
Configuration for Confidential Nodes feature. Structure is documented below.
- cost_
management_ Clusterconfig Cost Management Config Args Configuration for the Cost Allocation feature. Structure is documented below.
- database_
encryption ClusterDatabase Encryption Args Structure is documented below.
- datapath_
provider str The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default_
max_ intpods_ per_ node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default_
snat_ Clusterstatus Default Snat Status Args GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description str
Description of the cluster.
- dns_
config ClusterDns Config Args Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable_
autopilot bool Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- bool
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enable_fqdn_network_policy bool
Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enable_
intranode_ boolvisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable_
k8s_ Clusterbeta_ apis Enable K8s Beta Apis Args Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable_
kubernetes_ boolalpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable_
l4_ boolilb_ subsetting Whether L4ILB Subsetting is enabled for this cluster.
- enable_legacy_abac bool
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`. Leave this disabled unless a legacy workload depends on ABAC, so that RBAC and IAM remain the only sources of permissions.
- enable_
multi_ boolnetworking ) Whether multi-networking is enabled for this cluster.
- enable_shielded_nodes bool
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- enable_
tpu bool Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- gateway_
api_ Clusterconfig Gateway Api Config Args Configuration for GKE Gateway API controller. Structure is documented below.
- identity_
service_ Clusterconfig Identity Service Config Args . Structure is documented below.
- initial_node_count int
The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if `node_pool` is not set. If you're using `gcp.container.NodePool` objects with no default node pool, you'll need to set this to a value of at least `1`, alongside setting `remove_default_node_pool` to `true`.
- ip_
allocation_ Clusterpolicy Ip Allocation Policy Args Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- location str
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging_
config ClusterLogging Config Args Logging configuration for the cluster. Structure is documented below.
- logging_
service str The logging service that the cluster should write logs to. Available options include
logging.googleapis.com
(Legacy Stackdriver),logging.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Logging), andnone
. Defaults tologging.googleapis.com/kubernetes
- maintenance_
policy ClusterMaintenance Policy Args The maintenance policy to use for the cluster. Structure is documented below.
- master_auth ClusterMasterAuthArgs
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- master_authorized_networks_config ClusterMasterAuthorizedNetworksConfigArgs
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- mesh_
certificates ClusterMesh Certificates Args Structure is documented below.
- min_
master_ strversion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring_
config ClusterMonitoring Config Args Monitoring configuration for the cluster. Structure is documented below.
- monitoring_service str
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name str
The name of the cluster, unique within the project and location.
- network str
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network_
policy ClusterNetwork Policy Args Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking_mode str
Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables IP aliasing, and requires the `ip_allocation_policy` block to be defined. By default, when this field is unspecified and no `ip_allocation_policy` blocks are set, GKE will create a `ROUTES`-based cluster.
- node_
config ClusterNode Config Args Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node_
locations Sequence[str] The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node_
pool_ Clusterauto_ config Node Pool Auto Config Args ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node_
pool_ Clusterdefaults Node Pool Defaults Args Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node_
pools Sequence[ClusterNode Pool Args] List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node_
version str The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification_
config ClusterNotification Config Args Configuration for the cluster upgrade notifications feature. Structure is documented below.
- pod_
security_ Clusterpolicy_ config Pod Security Policy Config Args ) Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private_
cluster_ Clusterconfig Private Cluster Config Args Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private_
ipv6_ strgoogle_ access The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect_
config ClusterProtect Config Args ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- release_
channel ClusterRelease Channel Args Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove_
default_ boolnode_ pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource_
labels Mapping[str, str] The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource_
usage_ Clusterexport_ config Resource Usage Export Config Args Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- security_
posture_ Clusterconfig Security Posture Config Args Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- service_
external_ Clusterips_ config Service External Ips Config Args Structure is documented below.
- subnetwork str
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu_
config ClusterTpu Config Args TPU configuration for the cluster.
- vertical_
pod_ Clusterautoscaling Vertical Pod Autoscaling Args Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload_
identity_ Clusterconfig Workload Identity Config Args Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons
Config Property Map The configuration for addons supported by GKE. Structure is documented below.
- allowNetAdmin Boolean
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticator
Groups Property MapConfig Configuration for the Google Groups for GKE feature. Structure is documented below.
- Property Map
Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster
Autoscaling Property Map Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster
Ipv4Cidr String The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster
Telemetry Property Map Configuration for ClusterTelemetry feature, Structure is documented below.
- confidentialNodes Property Map
Configuration for Confidential Nodes feature. Structure is documented below.
- cost
Management Property MapConfig Configuration for the Cost Allocation feature. Structure is documented below.
- database
Encryption Property Map Structure is documented below.
- datapath
Provider String The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default
Max NumberPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default
Snat Property MapStatus GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description String
Description of the cluster.
- dns
Config Property Map Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable
Autopilot Boolean Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- Boolean
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enable
Fqdn BooleanNetwork Policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- enable
Intranode BooleanVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable
K8s Property MapBeta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable
Kubernetes BooleanAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable
L4Ilb BooleanSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac Boolean
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`. Leave this disabled unless a legacy workload depends on ABAC, so that RBAC and IAM remain the only sources of permissions.
- enable
Multi BooleanNetworking ) Whether multi-networking is enabled for this cluster.
- enableShieldedNodes Boolean
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- enable
Tpu Boolean Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- gateway
Api Property MapConfig Configuration for GKE Gateway API controller. Structure is documented below.
- identity
Service Property MapConfig . Structure is documented below.
- initial
Node NumberCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- ip
Allocation Property MapPolicy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- location String
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging
Config Property Map Logging configuration for the cluster. Structure is documented below.
- logging
Service String The logging service that the cluster should write logs to. Available options include
logging.googleapis.com
(Legacy Stackdriver),logging.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Logging), andnone
. Defaults tologging.googleapis.com/kubernetes
- maintenance
Policy Property Map The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth Property Map
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- masterAuthorizedNetworksConfig Property Map
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- mesh
Certificates Property Map Structure is documented below.
- min
Master StringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring
Config Property Map Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
The name of the cluster, unique within the project and location.
- network String
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network
Policy Property Map Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking
Mode String Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- node
Config Property Map Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node
Locations List<String> The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node
Pool Property MapAuto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node
Pool Property MapDefaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node
Pools List<Property Map> List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node
Version String The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification
Config Property Map Configuration for the cluster upgrade notifications feature. Structure is documented below.
- podSecurityPolicyConfig Property Map
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateClusterConfig Property Map
Configuration for private clusters, clusters with private nodes. Structure is documented below.
- privateIpv6GoogleAccess String
The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protectConfig Property Map
Enable/Disable Protect API features for the cluster. Structure is documented below.
- release
Channel Property Map Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove
Default BooleanNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource
Labels Map<String> The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource
Usage Property MapExport Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- securityPostureConfig Property Map
Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The `default_snat_status` block supports
- serviceExternalIpsConfig Property Map
Structure is documented below.
- subnetwork String
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu
Config Property Map TPU configuration for the cluster.
- vertical
Pod Property MapAutoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadIdentityConfig Property Map
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:
- Endpoint string
The IP address of this cluster's Kubernetes master.
- Id string
The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string The fingerprint of the set of labels for this cluster.
- Master
Version string The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- Operation string
- Self
Link string The server-defined URL for the resource.
- Services
Ipv4Cidr string The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- Tpu
Ipv4Cidr stringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).
- Endpoint string
The IP address of this cluster's Kubernetes master.
- Id string
The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string The fingerprint of the set of labels for this cluster.
- Master
Version string The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- Operation string
- Self
Link string The server-defined URL for the resource.
- Services
Ipv4Cidr string The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- Tpu
Ipv4Cidr stringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).
- endpoint String
The IP address of this cluster's Kubernetes master.
- id String
The provider-assigned unique ID for this managed resource.
- label
Fingerprint String The fingerprint of the set of labels for this cluster.
- master
Version String The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- operation String
- self
Link String The server-defined URL for the resource.
- services
Ipv4Cidr String The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- tpu
Ipv4Cidr StringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).
- endpoint string
The IP address of this cluster's Kubernetes master.
- id string
The provider-assigned unique ID for this managed resource.
- label
Fingerprint string The fingerprint of the set of labels for this cluster.
- master
Version string The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- operation string
- self
Link string The server-defined URL for the resource.
- services
Ipv4Cidr string The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- tpu
Ipv4Cidr stringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).
- endpoint str
The IP address of this cluster's Kubernetes master.
- id str
The provider-assigned unique ID for this managed resource.
- label_
fingerprint str The fingerprint of the set of labels for this cluster.
- master_
version str The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- operation str
- self_
link str The server-defined URL for the resource.
- services_
ipv4_ strcidr The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- tpu_
ipv4_ strcidr_ block The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).
- endpoint String
The IP address of this cluster's Kubernetes master.
- id String
The provider-assigned unique ID for this managed resource.
- label
Fingerprint String The fingerprint of the set of labels for this cluster.
- master
Version String The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- operation String
- self
Link String The server-defined URL for the resource.
- services
Ipv4Cidr String The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- tpu
Ipv4Cidr StringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).
Look up Existing Cluster Resource
Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
addons_config: Optional[ClusterAddonsConfigArgs] = None,
allow_net_admin: Optional[bool] = None,
authenticator_groups_config: Optional[ClusterAuthenticatorGroupsConfigArgs] = None,
binary_authorization: Optional[ClusterBinaryAuthorizationArgs] = None,
cluster_autoscaling: Optional[ClusterClusterAutoscalingArgs] = None,
cluster_ipv4_cidr: Optional[str] = None,
cluster_telemetry: Optional[ClusterClusterTelemetryArgs] = None,
confidential_nodes: Optional[ClusterConfidentialNodesArgs] = None,
cost_management_config: Optional[ClusterCostManagementConfigArgs] = None,
database_encryption: Optional[ClusterDatabaseEncryptionArgs] = None,
datapath_provider: Optional[str] = None,
default_max_pods_per_node: Optional[int] = None,
default_snat_status: Optional[ClusterDefaultSnatStatusArgs] = None,
description: Optional[str] = None,
dns_config: Optional[ClusterDnsConfigArgs] = None,
enable_autopilot: Optional[bool] = None,
enable_binary_authorization: Optional[bool] = None,
enable_fqdn_network_policy: Optional[bool] = None,
enable_intranode_visibility: Optional[bool] = None,
enable_k8s_beta_apis: Optional[ClusterEnableK8sBetaApisArgs] = None,
enable_kubernetes_alpha: Optional[bool] = None,
enable_l4_ilb_subsetting: Optional[bool] = None,
enable_legacy_abac: Optional[bool] = None,
enable_multi_networking: Optional[bool] = None,
enable_shielded_nodes: Optional[bool] = None,
enable_tpu: Optional[bool] = None,
endpoint: Optional[str] = None,
gateway_api_config: Optional[ClusterGatewayApiConfigArgs] = None,
identity_service_config: Optional[ClusterIdentityServiceConfigArgs] = None,
initial_node_count: Optional[int] = None,
ip_allocation_policy: Optional[ClusterIpAllocationPolicyArgs] = None,
label_fingerprint: Optional[str] = None,
location: Optional[str] = None,
logging_config: Optional[ClusterLoggingConfigArgs] = None,
logging_service: Optional[str] = None,
maintenance_policy: Optional[ClusterMaintenancePolicyArgs] = None,
master_auth: Optional[ClusterMasterAuthArgs] = None,
master_authorized_networks_config: Optional[ClusterMasterAuthorizedNetworksConfigArgs] = None,
master_version: Optional[str] = None,
mesh_certificates: Optional[ClusterMeshCertificatesArgs] = None,
min_master_version: Optional[str] = None,
monitoring_config: Optional[ClusterMonitoringConfigArgs] = None,
monitoring_service: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
network_policy: Optional[ClusterNetworkPolicyArgs] = None,
networking_mode: Optional[str] = None,
node_config: Optional[ClusterNodeConfigArgs] = None,
node_locations: Optional[Sequence[str]] = None,
node_pool_auto_config: Optional[ClusterNodePoolAutoConfigArgs] = None,
node_pool_defaults: Optional[ClusterNodePoolDefaultsArgs] = None,
node_pools: Optional[Sequence[ClusterNodePoolArgs]] = None,
node_version: Optional[str] = None,
notification_config: Optional[ClusterNotificationConfigArgs] = None,
operation: Optional[str] = None,
pod_security_policy_config: Optional[ClusterPodSecurityPolicyConfigArgs] = None,
private_cluster_config: Optional[ClusterPrivateClusterConfigArgs] = None,
private_ipv6_google_access: Optional[str] = None,
project: Optional[str] = None,
protect_config: Optional[ClusterProtectConfigArgs] = None,
release_channel: Optional[ClusterReleaseChannelArgs] = None,
remove_default_node_pool: Optional[bool] = None,
resource_labels: Optional[Mapping[str, str]] = None,
resource_usage_export_config: Optional[ClusterResourceUsageExportConfigArgs] = None,
security_posture_config: Optional[ClusterSecurityPostureConfigArgs] = None,
self_link: Optional[str] = None,
service_external_ips_config: Optional[ClusterServiceExternalIpsConfigArgs] = None,
services_ipv4_cidr: Optional[str] = None,
subnetwork: Optional[str] = None,
tpu_config: Optional[ClusterTpuConfigArgs] = None,
tpu_ipv4_cidr_block: Optional[str] = None,
vertical_pod_autoscaling: Optional[ClusterVerticalPodAutoscalingArgs] = None,
workload_identity_config: Optional[ClusterWorkloadIdentityConfigArgs] = None) -> Cluster
func GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)
public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)
public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Addons
Config ClusterAddons Config The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- AuthenticatorGroupsConfig ClusterAuthenticatorGroupsConfig
Configuration for the Google Groups for GKE feature. Structure is documented below.
- BinaryAuthorization ClusterBinaryAuthorization
Configuration options for the Binary Authorization feature. Structure is documented below.
- Cluster
Autoscaling ClusterCluster Autoscaling Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- Cluster
Ipv4Cidr string The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- Cluster
Telemetry ClusterCluster Telemetry Configuration for ClusterTelemetry feature, Structure is documented below.
- ConfidentialNodes ClusterConfidentialNodes
Configuration for Confidential Nodes feature. Structure is documented below.
- Cost
Management ClusterConfig Cost Management Config Configuration for the Cost Allocation feature. Structure is documented below.
- Database
Encryption ClusterDatabase Encryption Structure is documented below.
- Datapath
Provider string The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- Default
Max intPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- Default
Snat ClusterStatus Default Snat Status GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- Description string
Description of the cluster.
- Dns
Config ClusterDns Config Configuration for Using Cloud DNS for GKE. Structure is documented below.
- EnableAutopilot bool
Enable Autopilot for this cluster. Defaults to `false`. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- EnableBinaryAuthorization bool
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
Deprecated in favor of binary_authorization.
- EnableFqdnNetworkPolicy bool
Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
- EnableIntranodeVisibility bool
Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
- Enable
K8s ClusterBeta Apis Enable K8s Beta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- Enable
Kubernetes boolAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- Enable
L4Ilb boolSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- EnableMultiNetworking bool
Whether multi-networking is enabled for this cluster.
- EnableShieldedNodes bool
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- EnableTpu bool
Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- Endpoint string
The IP address of this cluster's Kubernetes master.
- Gateway
Api ClusterConfig Gateway Api Config Configuration for GKE Gateway API controller. Structure is documented below.
- Identity
Service ClusterConfig Identity Service Config . Structure is documented below.
- Initial
Node intCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- Ip
Allocation ClusterPolicy Ip Allocation Policy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- Label
Fingerprint string The fingerprint of the set of labels for this cluster.
- Location string
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- Logging
Config ClusterLogging Config Logging configuration for the cluster. Structure is documented below.
- LoggingService string
The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- Maintenance
Policy ClusterMaintenance Policy The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuth
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- MasterVersion string
The current version of the master in the cluster. This may be different than the `min_master_version` set in the config if the master has been updated by GKE.
- MeshCertificates ClusterMeshCertificates
Structure is documented below.
- Min
Master stringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- Monitoring
Config ClusterMonitoring Config Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- Name string
The name of the cluster, unique within the project and location.
- Network string
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- Network
Policy ClusterNetwork Policy Configuration options for the NetworkPolicy feature. Structure is documented below.
- Networking
Mode string Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- Node
Config ClusterNode Config Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- Node
Locations List<string> The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- Node
Pool ClusterAuto Config Node Pool Auto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- Node
Pool ClusterDefaults Node Pool Defaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- Node
Pools List<ClusterNode Pool> List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- Node
Version string The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- Notification
Config ClusterNotification Config Configuration for the cluster upgrade notifications feature. Structure is documented below.
- Operation string
- PodSecurityPolicyConfig ClusterPodSecurityPolicyConfig
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- PrivateClusterConfig ClusterPrivateClusterConfig
Configuration for private clusters, clusters with private nodes. Structure is documented below.
- PrivateIpv6GoogleAccess string
The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protect
Config ClusterProtect Config ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- Release
Channel ClusterRelease Channel Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- Remove
Default boolNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- Resource
Labels Dictionary<string, string> The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- Resource
Usage ClusterExport Config Resource Usage Export Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- SecurityPostureConfig ClusterSecurityPostureConfig
Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The `default_snat_status` block supports
- SelfLink string
The server-defined URL for the resource.
- ServiceExternalIpsConfig ClusterServiceExternalIpsConfig
Structure is documented below.
- Services
Ipv4Cidr string The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- Subnetwork string
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- Tpu
Config ClusterTpu Config TPU configuration for the cluster.
- Tpu
Ipv4Cidr stringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).- Vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadIdentityConfig ClusterWorkloadIdentityConfig
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- Addons
Config ClusterAddons Config Args The configuration for addons supported by GKE. Structure is documented below.
- AllowNetAdmin bool
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- Authenticator
Groups ClusterConfig Authenticator Groups Config Args Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Args Configuration options for the Binary Authorization feature. Structure is documented below.
- Cluster
Autoscaling ClusterCluster Autoscaling Args Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- Cluster
Ipv4Cidr string The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- Cluster
Telemetry ClusterCluster Telemetry Args Configuration for ClusterTelemetry feature, Structure is documented below.
- ConfidentialNodes ClusterConfidentialNodesArgs
Configuration for the Confidential Nodes feature. Structure is documented below.
- Cost
Management ClusterConfig Cost Management Config Args Configuration for the Cost Allocation feature. Structure is documented below.
- Database
Encryption ClusterDatabase Encryption Args Structure is documented below.
- Datapath
Provider string The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- Default
Max intPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- Default
Snat ClusterStatus Default Snat Status Args GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- Description string
Description of the cluster.
- Dns
Config ClusterDns Config Args Configuration for Using Cloud DNS for GKE. Structure is documented below.
- Enable
Autopilot bool Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- bool
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- Enable
Fqdn boolNetwork Policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- Enable
Intranode boolVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- Enable
K8s ClusterBeta Apis Enable K8s Beta Apis Args Configuration for Kubernetes Beta APIs. Structure is documented below.
- Enable
Kubernetes boolAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- Enable
L4Ilb boolSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- EnableLegacyAbac bool
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- Enable
Multi boolNetworking ) Whether multi-networking is enabled for this cluster.
- EnableShieldedNodes bool
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- Enable
Tpu bool Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- Endpoint string
The IP address of this cluster's Kubernetes master.
- Gateway
Api ClusterConfig Gateway Api Config Args Configuration for GKE Gateway API controller. Structure is documented below.
- Identity
Service ClusterConfig Identity Service Config Args . Structure is documented below.
- Initial
Node intCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- Ip
Allocation ClusterPolicy Ip Allocation Policy Args Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- Label
Fingerprint string The fingerprint of the set of labels for this cluster.
- Location string
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- Logging
Config ClusterLogging Config Args Logging configuration for the cluster. Structure is documented below.
- LoggingService string
The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- Maintenance
Policy ClusterMaintenance Policy Args The maintenance policy to use for the cluster. Structure is documented below.
- MasterAuth ClusterMasterAuthArgs
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials`
permission. Structure is documented below.
- MasterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfigArgs
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- Master
Version string The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- Mesh
Certificates ClusterMesh Certificates Args Structure is documented below.
- Min
Master stringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field. If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- Monitoring
Config ClusterMonitoring Config Args Monitoring configuration for the cluster. Structure is documented below.
- MonitoringService string
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- Name string
The name of the cluster, unique within the project and location.
- Network string
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- Network
Policy ClusterNetwork Policy Args Configuration options for the NetworkPolicy feature. Structure is documented below.
- Networking
Mode string Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- Node
Config ClusterNode Config Args Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- Node
Locations []string The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- Node
Pool ClusterAuto Config Node Pool Auto Config Args ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- Node
Pool ClusterDefaults Node Pool Defaults Args Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- Node
Pools []ClusterNode Pool Args List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- Node
Version string The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- Notification
Config ClusterNotification Config Args Configuration for the cluster upgrade notifications feature. Structure is documented below.
- Operation string
- PodSecurityPolicyConfig ClusterPodSecurityPolicyConfigArgs
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- Private
Cluster ClusterConfig Private Cluster Config Args Configuration for private clusters, clusters with private nodes. Structure is documented below.
- Private
Ipv6Google stringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protect
Config ClusterProtect Config Args ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- Release
Channel ClusterRelease Channel Args Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- Remove
Default boolNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- Resource
Labels map[string]string The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- Resource
Usage ClusterExport Config Resource Usage Export Config Args Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- Security
Posture ClusterConfig Security Posture Config Args Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- Self
Link string The server-defined URL for the resource.
- Service
External ClusterIps Config Service External Ips Config Args Structure is documented below.
- Services
Ipv4Cidr string The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- Subnetwork string
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- Tpu
Config ClusterTpu Config Args TPU configuration for the cluster.
- Tpu
Ipv4Cidr stringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).- Vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Args Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- WorkloadIdentityConfig ClusterWorkloadIdentityConfigArgs
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons
Config ClusterAddons Config The configuration for addons supported by GKE. Structure is documented below.
- allow
Net BooleanAdmin Enable NET_ADMIN for the cluster. Defaults to
false
. This field should only be enabled for Autopilot clusters (enable_autopilot
set totrue
).- authenticator
Groups ClusterConfig Authenticator Groups Config Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster
Autoscaling ClusterCluster Autoscaling Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster
Ipv4Cidr String The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster
Telemetry ClusterCluster Telemetry Configuration for ClusterTelemetry feature, Structure is documented below.
- confidentialNodes ClusterConfidentialNodes
Configuration for the Confidential Nodes feature. Structure is documented below.
- cost
Management ClusterConfig Cost Management Config Configuration for the Cost Allocation feature. Structure is documented below.
- database
Encryption ClusterDatabase Encryption Structure is documented below.
- datapath
Provider String The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default
Max IntegerPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default
Snat ClusterStatus Default Snat Status GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description String
Description of the cluster.
- dns
Config ClusterDns Config Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable
Autopilot Boolean Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- Boolean
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enable
Fqdn BooleanNetwork Policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- enable
Intranode BooleanVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable
K8s ClusterBeta Apis Enable K8s Beta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable
Kubernetes BooleanAlpha Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable
L4Ilb BooleanSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac Boolean
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- enable
Multi BooleanNetworking ) Whether multi-networking is enabled for this cluster.
- enable
Shielded BooleanNodes Enable Shielded Nodes features on all nodes in this cluster. Defaults to
true
.- enable
Tpu Boolean Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint String
The IP address of this cluster's Kubernetes master.
- gateway
Api ClusterConfig Gateway Api Config Configuration for GKE Gateway API controller. Structure is documented below.
- identity
Service ClusterConfig Identity Service Config . Structure is documented below.
- initial
Node IntegerCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- ip
Allocation ClusterPolicy Ip Allocation Policy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- label
Fingerprint String The fingerprint of the set of labels for this cluster.
- location String
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging
Config ClusterLogging Config Logging configuration for the cluster. Structure is documented below.
- logging
Service String The logging service that the cluster should write logs to. Available options include
logging.googleapis.com
(Legacy Stackdriver),logging.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Logging), andnone
. Defaults tologging.googleapis.com/kubernetes
- maintenance
Policy ClusterMaintenance Policy The maintenance policy to use for the cluster. Structure is documented below.
- master
Auth ClusterMaster Auth The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the
container.clusters.getCredentials
permission. Structure is documented below.
- masterAuthorizedNetworksConfig ClusterMasterAuthorizedNetworksConfig
The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- master
Version String The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- mesh
Certificates ClusterMesh Certificates Structure is documented below.
- min
Master StringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring
Config ClusterMonitoring Config Monitoring configuration for the cluster. Structure is documented below.
- monitoringService String
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name String
The name of the cluster, unique within the project and location.
- network String
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network
Policy ClusterNetwork Policy Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking
Mode String Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- node
Config ClusterNode Config Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node
Locations List<String> The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node
Pool ClusterAuto Config Node Pool Auto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node
Pool ClusterDefaults Node Pool Defaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node
Pools List<ClusterNode Pool> List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node
Version String The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification
Config ClusterNotification Config Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation String
- podSecurityPolicyConfig ClusterPodSecurityPolicyConfig
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private
Cluster ClusterConfig Private Cluster Config Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private
Ipv6Google StringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect
Config ClusterProtect Config ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- release
Channel ClusterRelease Channel Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove
Default BooleanNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource
Labels Map<String,String> The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource
Usage ClusterExport Config Resource Usage Export Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- security
Posture ClusterConfig Security Posture Config Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- self
Link String The server-defined URL for the resource.
- service
External ClusterIps Config Service External Ips Config Structure is documented below.
- services
Ipv4Cidr String The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- subnetwork String
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu
Config ClusterTpu Config TPU configuration for the cluster.
- tpu
Ipv4Cidr StringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).- vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload
Identity ClusterConfig Workload Identity Config Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons
Config ClusterAddons Config The configuration for addons supported by GKE. Structure is documented below.
- allowNetAdmin boolean
Enable NET_ADMIN for the cluster. Defaults to `false`. This field should only be enabled for Autopilot clusters (`enable_autopilot` set to `true`).
- authenticator
Groups ClusterConfig Authenticator Groups Config Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster
Autoscaling ClusterCluster Autoscaling Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster
Ipv4Cidr string The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster
Telemetry ClusterCluster Telemetry Configuration for ClusterTelemetry feature, Structure is documented below.
- confidential
Nodes ClusterConfidential Nodes Configuration for Confidential Nodes feature. Structure is documented below.
- cost
Management ClusterConfig Cost Management Config Configuration for the Cost Allocation feature. Structure is documented below.
- database
Encryption ClusterDatabase Encryption Structure is documented below.
- datapath
Provider string The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default
Max numberPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default
Snat ClusterStatus Default Snat Status GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description string
Description of the cluster.
- dns
Config ClusterDns Config Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable
Autopilot boolean Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- boolean
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enableFqdnNetworkPolicy boolean
Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 `anetd` DaemonSet after enabling it. See "Enable FQDN Network Policy in an existing cluster" for more information.
- enable
Intranode booleanVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable
K8s ClusterBeta Apis Enable K8s Beta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetesAlpha boolean
Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable
L4Ilb booleanSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac boolean
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- enable
Multi booleanNetworking ) Whether multi-networking is enabled for this cluster.
- enableShieldedNodes boolean
Enable Shielded Nodes features on all nodes in this cluster. Defaults to `true`.
- enable
Tpu boolean Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint string
The IP address of this cluster's Kubernetes master.
- gateway
Api ClusterConfig Gateway Api Config Configuration for GKE Gateway API controller. Structure is documented below.
- identity
Service ClusterConfig Identity Service Config . Structure is documented below.
- initial
Node numberCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- ip
Allocation ClusterPolicy Ip Allocation Policy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- label
Fingerprint string The fingerprint of the set of labels for this cluster.
- location string
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging
Config ClusterLogging Config Logging configuration for the cluster. Structure is documented below.
- loggingService string
The logging service that the cluster should write logs to. Available options include `logging.googleapis.com` (Legacy Stackdriver), `logging.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`.
- maintenance
Policy ClusterMaintenance Policy The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth ClusterMasterAuth
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- Cluster
Master Authorized Networks Config The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- master
Version string The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- mesh
Certificates ClusterMesh Certificates Structure is documented below.
- min
Master stringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring
Config ClusterMonitoring Config Monitoring configuration for the cluster. Structure is documented below.
- monitoringService string
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name string
The name of the cluster, unique within the project and location.
- network string
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network
Policy ClusterNetwork Policy Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking
Mode string Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- node
Config ClusterNode Config Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node
Locations string[] The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node
Pool ClusterAuto Config Node Pool Auto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node
Pool ClusterDefaults Node Pool Defaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node
Pools ClusterNode Pool[] List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node
Version string The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification
Config ClusterNotification Config Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation string
- pod
Security ClusterPolicy Config Pod Security Policy Config ) Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private
Cluster ClusterConfig Private Cluster Config Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private
Ipv6Google stringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect
Config ClusterProtect Config ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- release
Channel ClusterRelease Channel Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove
Default booleanNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource
Labels {[key: string]: string} The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource
Usage ClusterExport Config Resource Usage Export Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- security
Posture ClusterConfig Security Posture Config Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- self
Link string The server-defined URL for the resource.
- service
External ClusterIps Config Service External Ips Config Structure is documented below.
- services
Ipv4Cidr string The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- subnetwork string
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu
Config ClusterTpu Config TPU configuration for the cluster.
- tpu
Ipv4Cidr stringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).- vertical
Pod ClusterAutoscaling Vertical Pod Autoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload
Identity ClusterConfig Workload Identity Config Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons_
config ClusterAddons Config Args The configuration for addons supported by GKE. Structure is documented below.
- allow_
net_ booladmin Enable NET_ADMIN for the cluster. Defaults to
false
. This field should only be enabled for Autopilot clusters (enable_autopilot
set totrue
).- authenticator_
groups_ Clusterconfig Authenticator Groups Config Args Configuration for the Google Groups for GKE feature. Structure is documented below.
- Cluster
Binary Authorization Args Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster_
autoscaling ClusterCluster Autoscaling Args Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster_
ipv4_ strcidr The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster_
telemetry ClusterCluster Telemetry Args Configuration for ClusterTelemetry feature, Structure is documented below.
- confidential_
nodes ClusterConfidential Nodes Args Configuration for Confidential Nodes feature. Structure is documented below.
- cost_
management_ Clusterconfig Cost Management Config Args Configuration for the Cost Allocation feature. Structure is documented below.
- database_
encryption ClusterDatabase Encryption Args Structure is documented below.
- datapath_
provider str The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default_
max_ intpods_ per_ node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default_
snat_ Clusterstatus Default Snat Status Args GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description str
Description of the cluster.
- dns_
config ClusterDns Config Args Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enable_
autopilot bool Enable Autopilot for this cluster. Defaults to
false
. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.- bool
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of `binary_authorization`.
- enable_
fqdn_ boolnetwork_ policy ) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2
anetd
DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.- enable_
intranode_ boolvisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable_
k8s_ Clusterbeta_ apis Enable K8s Beta Apis Args Configuration for Kubernetes Beta APIs. Structure is documented below.
- enable_kubernetes_alpha bool
Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable_
l4_ boolilb_ subsetting Whether L4ILB Subsetting is enabled for this cluster.
- enable_legacy_abac bool
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to `false`.
- enable_
multi_ boolnetworking ) Whether multi-networking is enabled for this cluster.
- enable_
shielded_ boolnodes Enable Shielded Nodes features on all nodes in this cluster. Defaults to
true
.- enable_
tpu bool Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint str
The IP address of this cluster's Kubernetes master.
- gateway_
api_ Clusterconfig Gateway Api Config Args Configuration for GKE Gateway API controller. Structure is documented below.
- identity_
service_ Clusterconfig Identity Service Config Args . Structure is documented below.
- initial_
node_ intcount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- ip_
allocation_ Clusterpolicy Ip Allocation Policy Args Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- label_
fingerprint str The fingerprint of the set of labels for this cluster.
- location str
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging_
config ClusterLogging Config Args Logging configuration for the cluster. Structure is documented below.
- logging_
service str The logging service that the cluster should write logs to. Available options include
logging.googleapis.com
(Legacy Stackdriver),logging.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Logging), andnone
. Defaults tologging.googleapis.com/kubernetes
- maintenance_
policy ClusterMaintenance Policy Args The maintenance policy to use for the cluster. Structure is documented below.
- master_auth ClusterMasterAuthArgs
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the `container.clusters.getCredentials` permission. Structure is documented below.
- Cluster
Master Authorized Networks Config Args The desired configuration options for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- master_
version str The current version of the master in the cluster. This may be different than the
min_master_version
set in the config if the master has been updated by GKE.- mesh_
certificates ClusterMesh Certificates Args Structure is documented below.
- min_
master_ strversion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring_
config ClusterMonitoring Config Args Monitoring configuration for the cluster. Structure is documented below.
- monitoring_service str
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include `monitoring.googleapis.com` (Legacy Stackdriver), `monitoring.googleapis.com/kubernetes` (Stackdriver Kubernetes Engine Monitoring), and `none`. Defaults to `monitoring.googleapis.com/kubernetes`.
- name str
The name of the cluster, unique within the project and location.
- network str
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network_
policy ClusterNetwork Policy Args Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking_
mode str Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- node_
config ClusterNode Config Args Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node_
locations Sequence[str] The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node_
pool_ Clusterauto_ config Node Pool Auto Config Args ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node_
pool_ Clusterdefaults Node Pool Defaults Args Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node_
pools Sequence[ClusterNode Pool Args] List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node_
version str The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification_
config ClusterNotification Config Args Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation str
- pod_
security_ Clusterpolicy_ config Pod Security Policy Config Args ) Configuration for the PodSecurityPolicy feature. Structure is documented below.
- private_
cluster_ Clusterconfig Private Cluster Config Args Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private_
ipv6_ strgoogle_ access The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect_
config ClusterProtect Config Args ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- release_
channel ClusterRelease Channel Args Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove_
default_ boolnode_ pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource_
labels Mapping[str, str] The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource_
usage_ Clusterexport_ config Resource Usage Export Config Args Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- security_
posture_ Clusterconfig Security Posture Config Args Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- self_
link str The server-defined URL for the resource.
- service_
external_ Clusterips_ config Service External Ips Config Args Structure is documented below.
- services_
ipv4_ strcidr The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- subnetwork str
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu_
config ClusterTpu Config Args TPU configuration for the cluster.
- tpu_
ipv4_ strcidr_ block The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).- vertical_
pod_ Clusterautoscaling Vertical Pod Autoscaling Args Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workload_identity_config ClusterWorkloadIdentityConfigArgs
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
- addons
Config Property Map The configuration for addons supported by GKE. Structure is documented below.
- allowNetAdmin Boolean
Enable NET_ADMIN for the cluster. Defaults to false. This field should only be enabled for Autopilot clusters (enable_autopilot set to true).
- authenticator
Groups Property MapConfig Configuration for the Google Groups for GKE feature. Structure is documented below.
- binaryAuthorization Property Map
Configuration options for the Binary Authorization feature. Structure is documented below.
- cluster
Autoscaling Property Map Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
- cluster
Ipv4Cidr String The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g.
10.96.0.0/14
). Leave blank to have one automatically chosen or specify a/14
block in10.0.0.0/8
. This field will only work for routes-based clusters, whereip_allocation_policy
is not defined.- cluster
Telemetry Property Map Configuration for ClusterTelemetry feature, Structure is documented below.
- confidentialNodes Property Map
Configuration for Confidential Nodes feature. Structure is documented below.
- cost
Management Property MapConfig Configuration for the Cost Allocation feature. Structure is documented below.
- database
Encryption Property Map Structure is documented below.
- datapath
Provider String The desired datapath provider for this cluster. This is set to
LEGACY_DATAPATH
by default, which uses the IPTables-based kube-proxy implementation. Set toADVANCED_DATAPATH
to enable Dataplane v2.- default
Max NumberPods Per Node The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
- default
Snat Property MapStatus GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below
- description String
Description of the cluster.
- dns
Config Property Map Configuration for Using Cloud DNS for GKE. Structure is documented below.
- enableAutopilot Boolean
Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
- enableBinaryAuthorization Boolean
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.
Deprecated in favor of binary_authorization.
- enableFqdnNetworkPolicy Boolean
Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information.
- enable
Intranode BooleanVisibility Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
- enable
K8s Property MapBeta Apis Configuration for Kubernetes Beta APIs. Structure is documented below.
- enableKubernetesAlpha Boolean
Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
- enable
L4Ilb BooleanSubsetting Whether L4ILB Subsetting is enabled for this cluster.
- enableLegacyAbac Boolean
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
- enable
Multi BooleanNetworking ) Whether multi-networking is enabled for this cluster.
- enableShieldedNodes Boolean
Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
- enable
Tpu Boolean Whether to enable Cloud TPU resources in this cluster. See the official documentation.
- endpoint String
The IP address of this cluster's Kubernetes master.
- gateway
Api Property MapConfig Configuration for GKE Gateway API controller. Structure is documented below.
- identity
Service Property MapConfig . Structure is documented below.
- initial
Node NumberCount The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if
node_pool
is not set. If you're usinggcp.container.NodePool
objects with no default node pool, you'll need to set this to a value of at least1
, alongside settingremove_default_node_pool
totrue
.- ip
Allocation Property MapPolicy Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
- label
Fingerprint String The fingerprint of the set of labels for this cluster.
- location String
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as
us-central1-a
), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such asus-west1
), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well- logging
Config Property Map Logging configuration for the cluster. Structure is documented below.
- logging
Service String The logging service that the cluster should write logs to. Available options include
logging.googleapis.com
(Legacy Stackdriver),logging.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Logging), andnone
. Defaults tologging.googleapis.com/kubernetes
- maintenance
Policy Property Map The maintenance policy to use for the cluster. Structure is documented below.
- masterAuth Property Map
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
- masterAuthorizedNetworksConfig Property Map
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
- masterVersion String
The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
- mesh
Certificates Property Map Structure is documented below.
- min
Master StringVersion The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only
master_version
field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find thegcp.container.getEngineVersions
data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.If you are using the
gcp.container.getEngineVersions
datasource with a regional cluster, ensure that you have provided alocation
to the datasource. A region can have a different set of supported versions than its corresponding zones, and not all zones in a region are guaranteed to support the same version.- monitoring
Config Property Map Monitoring configuration for the cluster. Structure is documented below.
- monitoring
Service String The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include
monitoring.googleapis.com
(Legacy Stackdriver),monitoring.googleapis.com/kubernetes
(Stackdriver Kubernetes Engine Monitoring), andnone
. Defaults tomonitoring.googleapis.com/kubernetes
- name String
The name of the cluster, unique within the project and location.
- network String
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
- network
Policy Property Map Configuration options for the NetworkPolicy feature. Structure is documented below.
- networking
Mode String Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are
VPC_NATIVE
orROUTES
.VPC_NATIVE
enables IP aliasing, and requires theip_allocation_policy
block to be defined. By default, when this field is unspecified and noip_allocation_policy
blocks are set, GKE will create aROUTES
-based cluster.- node
Config Property Map Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a
gcp.container.NodePool
or anode_pool
block; this configuration manages the default node pool, which isn't recommended to be used. Structure is documented below.- node
Locations List<String> The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
A "multi-zonal" cluster is a zonal cluster with at least one additional zone defined; in a multi-zonal cluster, the cluster master is only present in a single zone while nodes are present in each of the primary zone and the node locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred.
- node
Pool Property MapAuto Config ) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below.
- node
Pool Property MapDefaults Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
- node
Pools List<Property Map> List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.
- node
Version String The Kubernetes version on the nodes. Must either be unset or set to the same value as
min_master_version
on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See thegcp.container.getEngineVersions
data source'sversion_prefix
field to approximate fuzzy versions. To update nodes in other node pools, use theversion
attribute on the node pool.- notification
Config Property Map Configuration for the cluster upgrade notifications feature. Structure is documented below.
- operation String
- podSecurityPolicyConfig Property Map
Configuration for the PodSecurityPolicy feature. Structure is documented below.
- privateClusterConfig Property Map
Configuration for private clusters, clusters with private nodes. Structure is documented below.
- private
Ipv6Google StringAccess The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protect
Config Property Map ) Enable/Disable Protect API features for the cluster. Structure is documented below.
- release
Channel Property Map Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the
gcp.container.getEngineVersions
datasource can provide the default version for a channel. Note that removing therelease_channel
field from your config will cause the provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the"UNSPECIFIED"
channel. Structure is documented below.- remove
Default BooleanNode Pool If
true
, deletes the default node pool upon cluster creation. If you're usinggcp.container.NodePool
resources with no default node pool, this should be set totrue
, alongside settinginitial_node_count
to at least1
.- resource
Labels Map<String> The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
- resource
Usage Property MapExport Config Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
- securityPostureConfig Property Map
Enable/Disable Security Posture API features for the cluster. Structure is documented below.
The
default_snat_status
block supports- self
Link String The server-defined URL for the resource.
- service
External Property MapIps Config Structure is documented below.
- services
Ipv4Cidr String The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g.
1.2.3.4/29
). Service addresses are typically put in the last/16
from the container CIDR.- subnetwork String
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
- tpu
Config Property Map TPU configuration for the cluster.
- tpu
Ipv4Cidr StringBlock The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
1.2.3.4/29
).- vertical
Pod Property MapAutoscaling Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
- workloadIdentityConfig Property Map
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
Supporting Types
ClusterAddonsConfig, ClusterAddonsConfigArgs
- Cloudrun
Config ClusterAddons Config Cloudrun Config . Structure is documented below.
- ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
This example addons_config disables two addons:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
// Runs a Pulumi deployment whose program body is empty: no cluster or addons_config is declared.
// NOTE(review): appears to be a generated placeholder rather than a working example.
return await Deployment.RunAsync(() => { });
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main hands an empty program to the Pulumi runtime. No cluster or
// addons_config is declared, so this listing appears to be a placeholder
// rather than a working example.
func main() {
	pulumi.Run(noResources)
}

// noResources is the Pulumi program body; it registers nothing and reports success.
func noResources(ctx *pulumi.Context) error {
	return nil
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Generated program shell. The stack body is empty, so no cluster or
 * addons_config is declared; this listing appears to be a placeholder
 * rather than a working example.
 */
public class App {
    /** Starts the Pulumi runtime with {@link #stack(Context)} as the program. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Program body; declares no resources. */
    public static void stack(Context ctx) {
    }
}
{}
The
binary_authorization
block supports:- Dns
Cache ClusterConfig Addons Config Dns Cache Config . The status of the NodeLocal DNSCache addon. It is disabled by default. Set
enabled = true
to enable.Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- Gce
Persistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set
enabled = true
to enabled.- Gcp
Filestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set
enabled = true
to enable.- Gcs
Fuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set
enabled = true
to enable.- Gke
Backup ClusterAgent Config Addons Config Gke Backup Agent Config . The status of the Backup for GKE agent addon. It is disabled by default; Set
enabled = true
to enable.- Horizontal
Pod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set
disabled = true
to disable.- Http
Load ClusterBalancing Addons Config Http Load Balancing The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set
disabled = true
to disable.- Istio
Config ClusterAddons Config Istio Config . Structure is documented below.
- Kalm
Config ClusterAddons Config Kalm Config . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set
enabled = true
to enable.
- NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
- Cloudrun
Config ClusterAddons Config Cloudrun Config . Structure is documented below.
- ConfigConnectorConfig ClusterAddonsConfigConfigConnectorConfig
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
This example addons_config disables two addons:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
// Runs a Pulumi deployment whose program body is empty: no cluster or addons_config is declared.
// NOTE(review): appears to be a generated placeholder rather than a working example.
return await Deployment.RunAsync(() => { });
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main hands an empty program to the Pulumi runtime. No cluster or
// addons_config is declared, so this listing appears to be a placeholder
// rather than a working example.
func main() {
	pulumi.Run(noResources)
}

// noResources is the Pulumi program body; it registers nothing and reports success.
func noResources(ctx *pulumi.Context) error {
	return nil
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Generated program shell. The stack body is empty, so no cluster or
 * addons_config is declared; this listing appears to be a placeholder
 * rather than a working example.
 */
public class App {
    /** Starts the Pulumi runtime with {@link #stack(Context)} as the program. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Program body; declares no resources. */
    public static void stack(Context ctx) {
    }
}
{}
The
binary_authorization
block supports:- Dns
Cache ClusterConfig Addons Config Dns Cache Config . The status of the NodeLocal DNSCache addon. It is disabled by default. Set
enabled = true
to enable.Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- Gce
Persistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set
enabled = true
to enabled.- Gcp
Filestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set
enabled = true
to enable.- Gcs
Fuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set
enabled = true
to enable.- Gke
Backup ClusterAgent Config Addons Config Gke Backup Agent Config . The status of the Backup for GKE agent addon. It is disabled by default; Set
enabled = true
to enable.- Horizontal
Pod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set
disabled = true
to disable.- Http
Load ClusterBalancing Addons Config Http Load Balancing The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set
disabled = true
to disable.- Istio
Config ClusterAddons Config Istio Config . Structure is documented below.
- Kalm
Config ClusterAddons Config Kalm Config . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set
enabled = true
to enable.
- NetworkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
- cloudrun
Config ClusterAddons Config Cloudrun Config . Structure is documented below.
- configConnectorConfig ClusterAddonsConfigConfigConnectorConfig
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
This example addons_config disables two addons:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
// Runs a Pulumi deployment whose program body is empty: no cluster or addons_config is declared.
// NOTE(review): appears to be a generated placeholder rather than a working example.
return await Deployment.RunAsync(() => { });
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main hands an empty program to the Pulumi runtime. No cluster or
// addons_config is declared, so this listing appears to be a placeholder
// rather than a working example.
func main() {
	pulumi.Run(noResources)
}

// noResources is the Pulumi program body; it registers nothing and reports success.
func noResources(ctx *pulumi.Context) error {
	return nil
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Generated program shell. The stack body is empty, so no cluster or
 * addons_config is declared; this listing appears to be a placeholder
 * rather than a working example.
 */
public class App {
    /** Starts the Pulumi runtime with {@link #stack(Context)} as the program. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Program body; declares no resources. */
    public static void stack(Context ctx) {
    }
}
{}
The
binary_authorization
block supports:- dns
Cache ClusterConfig Addons Config Dns Cache Config . The status of the NodeLocal DNSCache addon. It is disabled by default. Set
enabled = true
to enable.Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- gce
Persistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set
enabled = true
to enabled.- gcp
Filestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set
enabled = true
to enable.- gcs
Fuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set
enabled = true
to enable.- gke
Backup ClusterAgent Config Addons Config Gke Backup Agent Config . The status of the Backup for GKE agent addon. It is disabled by default; Set
enabled = true
to enable.- horizontal
Pod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set
disabled = true
to disable.- http
Load ClusterBalancing Addons Config Http Load Balancing The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set
disabled = true
to disable.- istio
Config ClusterAddons Config Istio Config . Structure is documented below.
- kalm
Config ClusterAddons Config Kalm Config . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set
enabled = true
to enable.
- networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
- cloudrun
Config ClusterAddons Config Cloudrun Config . Structure is documented below.
- configConnectorConfig ClusterAddonsConfigConfigConnectorConfig
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
This example addons_config disables two addons:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
// Runs a Pulumi deployment whose program body is empty: no cluster or addons_config is declared.
// NOTE(review): appears to be a generated placeholder rather than a working example.
return await Deployment.RunAsync(() => { });
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main hands an empty program to the Pulumi runtime. No cluster or
// addons_config is declared, so this listing appears to be a placeholder
// rather than a working example.
func main() {
	pulumi.Run(noResources)
}

// noResources is the Pulumi program body; it registers nothing and reports success.
func noResources(ctx *pulumi.Context) error {
	return nil
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Generated program shell. The stack body is empty, so no cluster or
 * addons_config is declared; this listing appears to be a placeholder
 * rather than a working example.
 */
public class App {
    /** Starts the Pulumi runtime with {@link #stack(Context)} as the program. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Program body; declares no resources. */
    public static void stack(Context ctx) {
    }
}
{}
The
binary_authorization
block supports:- dns
Cache ClusterConfig Addons Config Dns Cache Config . The status of the NodeLocal DNSCache addon. It is disabled by default. Set
enabled = true
to enable.Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- gce
Persistent ClusterDisk Csi Driver Config Addons Config Gce Persistent Disk Csi Driver Config . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set
enabled = true
to enabled.- gcp
Filestore ClusterCsi Driver Config Addons Config Gcp Filestore Csi Driver Config The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set
enabled = true
to enable.- gcs
Fuse ClusterCsi Driver Config Addons Config Gcs Fuse Csi Driver Config The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set
enabled = true
to enable.- gke
Backup ClusterAgent Config Addons Config Gke Backup Agent Config . The status of the Backup for GKE agent addon. It is disabled by default; Set
enabled = true
to enable.- horizontal
Pod ClusterAutoscaling Addons Config Horizontal Pod Autoscaling The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set
disabled = true
to disable.- http
Load ClusterBalancing Addons Config Http Load Balancing The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set
disabled = true
to disable.- istio
Config ClusterAddons Config Istio Config . Structure is documented below.
- kalm
Config ClusterAddons Config Kalm Config . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set
enabled = true
to enable.
- networkPolicyConfig ClusterAddonsConfigNetworkPolicyConfig
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
- cloudrun_
config ClusterAddons Config Cloudrun Config . Structure is documented below.
- config_connector_config ClusterAddonsConfigConfigConnectorConfig
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
This example addons_config disables two addons:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
// Runs a Pulumi deployment whose program body is empty: no cluster or addons_config is declared.
// NOTE(review): appears to be a generated placeholder rather than a working example.
return await Deployment.RunAsync(() => { });
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main hands an empty program to the Pulumi runtime. No cluster or
// addons_config is declared, so this listing appears to be a placeholder
// rather than a working example.
func main() {
	pulumi.Run(noResources)
}

// noResources is the Pulumi program body; it registers nothing and reports success.
func noResources(ctx *pulumi.Context) error {
	return nil
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Generated Pulumi program whose stack is empty: it declares no resources
 * and therefore sets no addons_config.
 */
public class App {
    /** Starts the Pulumi runtime with {@link #stack(Context)} as the program. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> App.stack(ctx));
    }

    /** Stack definition; intentionally has no body. */
    public static void stack(Context ctx) {
    }
}
{}
The
binary_authorization
block supports:- dns_
cache_ Clusterconfig Addons Config Dns Cache Config . The status of the NodeLocal DNSCache addon. It is disabled by default. Set
enabled = true
to enable.Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- gce_
persistent_ Clusterdisk_ csi_ driver_ config Addons Config Gce Persistent Disk Csi Driver Config . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set
enabled = true
to enabled.- gcp_
filestore_ Clustercsi_ driver_ config Addons Config Gcp Filestore Csi Driver Config The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set
enabled = true
to enable.- gcs_
fuse_ Clustercsi_ driver_ config Addons Config Gcs Fuse Csi Driver Config The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set
enabled = true
to enable.- gke_
backup_ Clusteragent_ config Addons Config Gke Backup Agent Config . The status of the Backup for GKE agent addon. It is disabled by default; Set
enabled = true
to enable.- horizontal_
pod_ Clusterautoscaling Addons Config Horizontal Pod Autoscaling The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set
disabled = true
to disable.- http_
load_ Clusterbalancing Addons Config Http Load Balancing The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set
disabled = true
to disable.- istio_
config ClusterAddons Config Istio Config . Structure is documented below.
- kalm_
config ClusterAddons Config Kalm Config . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set
enabled = true
to enable.
- network_policy_config ClusterAddonsConfigNetworkPolicyConfig
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
- cloudrun
Config Property Map . Structure is documented below.
- config
Connector Property MapConfig . The status of the ConfigConnector addon. It is disabled by default; Set
enabled = true
to enable.
This example `addons_config` disables two addons:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
// The program body is empty: it declares no resources and no addons_config.
System.Action emptyProgram = () => { };
return await Deployment.RunAsync(emptyProgram);
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main hands Pulumi a program that declares no resources: the callback only
// returns nil, so it creates no cluster and sets no addons_config block.
func main() {
	noop := func(_ *pulumi.Context) error {
		return nil
	}
	pulumi.Run(noop)
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Generated Pulumi program whose stack is empty: it declares no resources
 * and therefore sets no addons_config.
 */
public class App {
    /** Starts the Pulumi runtime with {@link #stack(Context)} as the program. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> App.stack(ctx));
    }

    /** Stack definition; intentionally has no body. */
    public static void stack(Context ctx) {
    }
}
{}
The
binary_authorization
block supports:- dns
Cache Property MapConfig . The status of the NodeLocal DNSCache addon. It is disabled by default. Set
enabled = true
to enable.Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated.
- gce
Persistent Property MapDisk Csi Driver Config . Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set
enabled = true
to enabled.- gcp
Filestore Property MapCsi Driver Config The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set
enabled = true
to enable.- gcs
Fuse Property MapCsi Driver Config The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set
enabled = true
to enable.- gke
Backup Property MapAgent Config . The status of the Backup for GKE agent addon. It is disabled by default; Set
enabled = true
to enable.- horizontal
Pod Property MapAutoscaling The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set
disabled = true
to disable.- http
Load Property MapBalancing The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set
disabled = true
to disable.- istio
Config Property Map . Structure is documented below.
- kalm
Config Property Map . Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set
enabled = true
to enable.
- networkPolicyConfig Property Map
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a `network_policy` block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable.
ClusterAddonsConfigCloudrunConfig, ClusterAddonsConfigCloudrunConfigArgs
- Disabled bool
The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable.
- LoadBalancerType string
The load balancer type of CloudRun ingress service. It is an external load balancer by default. Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- Disabled bool
The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable.
- LoadBalancerType string
The load balancer type of CloudRun ingress service. It is an external load balancer by default. Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled Boolean
The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable.
- loadBalancerType String
The load balancer type of CloudRun ingress service. It is an external load balancer by default. Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled boolean
The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable.
- loadBalancerType string
The load balancer type of CloudRun ingress service. It is an external load balancer by default. Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled bool
The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable.
- load_balancer_type str
The load balancer type of CloudRun ingress service. It is an external load balancer by default. Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
- disabled Boolean
The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable.
- loadBalancerType String
The load balancer type of CloudRun ingress service. It is an external load balancer by default. Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as an internal load balancer.
ClusterAddonsConfigConfigConnectorConfig, ClusterAddonsConfigConfigConnectorConfigArgs
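- Enabled bool
The status of the ConfigConnector addon. It is disabled by default; set `enabled = true` to enable. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this addon.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.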
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigDnsCacheConfig, ClusterAddonsConfigDnsCacheConfigArgs
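- Enabled bool
The status of the NodeLocal DNSCache addon. It is disabled by default. Set `enabled = true` to enable. Enabling/Disabling NodeLocal DNSCache in an existing cluster is a disruptive operation. All cluster nodes running GKE 1.15 and higher are recreated. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this addon.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.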
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigGcePersistentDiskCsiDriverConfig, ClusterAddonsConfigGcePersistentDiskCsiDriverConfigArgs
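- Enabled bool
Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set `enabled = true` to enable. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this driver.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.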
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigGcpFilestoreCsiDriverConfig, ClusterAddonsConfigGcpFilestoreCsiDriverConfigArgs
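- Enabled bool
The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set `enabled = true` to enable. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this addon.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.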
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigGcsFuseCsiDriverConfig, ClusterAddonsConfigGcsFuseCsiDriverConfigArgs
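- Enabled bool
The status of the GCSFuse CSI driver addon, which allows the usage of a gcs bucket as volumes. It is disabled by default; set `enabled = true` to enable. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this addon.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.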
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigGkeBackupAgentConfig, ClusterAddonsConfigGkeBackupAgentConfigArgs
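- Enabled bool
The status of the Backup for GKE agent addon. It is disabled by default; set `enabled = true` to enable. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this addon.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.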
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigHorizontalPodAutoscaling, ClusterAddonsConfigHorizontalPodAutoscalingArgs
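- Disabled bool
The status of the Horizontal Pod Autoscaling addon. It is enabled by default; set `disabled = true` to disable. (The text that follows is repeated under every `Disabled` field in this section and appears to describe the default sNAT setting rather than this addon.)
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports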
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
ClusterAddonsConfigHttpLoadBalancing, ClusterAddonsConfigHttpLoadBalancingArgs
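- Disabled bool
The status of the HTTP (L7) load balancing controller addon. It is enabled by default; set `disabled = true` to disable. (The text that follows is repeated under every `Disabled` field in this section and appears to describe the default sNAT setting rather than this addon.)
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports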
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
ClusterAddonsConfigIstioConfig, ClusterAddonsConfigIstioConfigArgs
ClusterAddonsConfigKalmConfig, ClusterAddonsConfigKalmConfigArgs
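- Enabled bool
Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; set `enabled = true` to enable. (The text that follows is repeated under every `Enabled` field in this section and appears to be fragments of other fields' descriptions, not a description of this addon.)
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`.
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.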
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
ClusterAddonsConfigNetworkPolicyConfig, ClusterAddonsConfigNetworkPolicyConfigArgs
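- Disabled bool
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a `network_policy` block, otherwise nothing will happen. Defaults to disabled; set `disabled = false` to enable. (The text that follows is repeated under every `Disabled` field in this section and appears to describe the default sNAT setting rather than this addon.)
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports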
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
The
cluster_telemetry
block supports
ClusterAuthenticatorGroupsConfig, ClusterAuthenticatorGroupsConfigArgs
- SecurityGroup string
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`.
- SecurityGroup string
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`.
- securityGroup String
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`.
- securityGroup string
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`.
- security_group str
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`.
- securityGroup String
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`.
ClusterBinaryAuthorization, ClusterBinaryAuthorizationArgs
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`. (The fragments that follow are repeated under every `Enabled` field in this section and appear to come from other fields' descriptions, not from Binary Authorization.)
for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard.
enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
Deprecated in favor of evaluation_mode.
- EvaluationMode string
Mode of operation for Binary Authorization policy evaluation. Valid values are `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`. `PROJECT_SINGLETON_POLICY_ENFORCE` is functionally equivalent to the deprecated `enable_binary_authorization` parameter being set to `true`.
- Enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
Deprecated in favor of evaluation_mode.
- EvaluationMode string
Mode of operation for Binary Authorization policy evaluation. Valid values are `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`. `PROJECT_SINGLETON_POLICY_ENFORCE` is functionally equivalent to the deprecated `enable_binary_authorization` parameter being set to `true`.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of
evaluation_mode
.for autopilot clusters. Resource limits for
cpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.enforce encryption of data in-use.
If enabled, pods must be valid under a PodSecurityPolicy to be created.
not.
Deprecated in favor of evaluation_mode.
- evaluationMode String
Mode of operation for Binary Authorization policy evaluation. Valid values are `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`. `PROJECT_SINGLETON_POLICY_ENFORCE` is functionally equivalent to the deprecated `enable_binary_authorization` parameter being set to `true`.
- enabled boolean
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`. (The generated description also carries fragments that appear to come from other `enabled` fields — "for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard", "enforce encryption of data in-use", and "If enabled, pods must be valid under a PodSecurityPolicy to be created" — none of which describe Binary Authorization.)
- evaluationMode string
Mode of operation for Binary Authorization policy evaluation. Valid values are `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`. `PROJECT_SINGLETON_POLICY_ENFORCE` is functionally equivalent to the deprecated `enable_binary_authorization` parameter being set to `true`.
- enabled bool
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`. (The generated description also carries fragments that appear to come from other `enabled` fields — "for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard", "enforce encryption of data in-use", and "If enabled, pods must be valid under a PodSecurityPolicy to be created" — none of which describe Binary Authorization.)
- evaluation_mode str
Mode of operation for Binary Authorization policy evaluation. Valid values are `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`. `PROJECT_SINGLETON_POLICY_ENFORCE` is functionally equivalent to the deprecated `enable_binary_authorization` parameter being set to `true`.
- enabled Boolean
Enable Binary Authorization for this cluster. Deprecated in favor of `evaluation_mode`. (The generated description also carries fragments that appear to come from other `enabled` fields — "for autopilot clusters. Resource limits for `cpu` and `memory` must be defined to enable node auto-provisioning for GKE Standard", "enforce encryption of data in-use", and "If enabled, pods must be valid under a PodSecurityPolicy to be created" — none of which describe Binary Authorization.)
- evaluationMode String
Mode of operation for Binary Authorization policy evaluation. Valid values are `DISABLED` and `PROJECT_SINGLETON_POLICY_ENFORCE`. `PROJECT_SINGLETON_POLICY_ENFORCE` is functionally equivalent to the deprecated `enable_binary_authorization` parameter being set to `true`.
ClusterClusterAutoscaling, ClusterClusterAutoscalingArgs
- Auto
Provisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- Autoscaling
Profile string ) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be
BALANCED
orOPTIMIZE_UTILIZATION
. Defaults toBALANCED
.- Enabled bool
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters,
true
is implied for autopilot clusters. Resource limits forcpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.- Resource
Limits List<ClusterCluster Autoscaling Resource Limit> Global constraints for machine resources in the cluster. Configuring the
cpu
andmemory
types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- Auto
Provisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- Autoscaling
Profile string ) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be
BALANCED
orOPTIMIZE_UTILIZATION
. Defaults toBALANCED
.- Enabled bool
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters,
true
is implied for autopilot clusters. Resource limits forcpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.- Resource
Limits []ClusterCluster Autoscaling Resource Limit Global constraints for machine resources in the cluster. Configuring the
cpu
andmemory
types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- auto
Provisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoscaling
Profile String ) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be
BALANCED
orOPTIMIZE_UTILIZATION
. Defaults toBALANCED
.- enabled Boolean
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters,
true
is implied for autopilot clusters. Resource limits forcpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.- resource
Limits List<ClusterCluster Autoscaling Resource Limit> Global constraints for machine resources in the cluster. Configuring the
cpu
andmemory
types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- auto
Provisioning ClusterDefaults Cluster Autoscaling Auto Provisioning Defaults Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoscaling
Profile string ) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be
BALANCED
orOPTIMIZE_UTILIZATION
. Defaults toBALANCED
.- enabled boolean
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters,
true
is implied for autopilot clusters. Resource limits forcpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.- resource
Limits ClusterCluster Autoscaling Resource Limit[] Global constraints for machine resources in the cluster. Configuring the
cpu
andmemory
types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- auto_
provisioning_ Clusterdefaults Cluster Autoscaling Auto Provisioning Defaults Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoscaling_
profile str ) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be
BALANCED
orOPTIMIZE_UTILIZATION
. Defaults toBALANCED
.- enabled bool
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters,
true
is implied for autopilot clusters. Resource limits forcpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.- resource_
limits Sequence[ClusterCluster Autoscaling Resource Limit] Global constraints for machine resources in the cluster. Configuring the
cpu
andmemory
types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
- auto
Provisioning Property MapDefaults Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
- autoscaling
Profile String ) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be
BALANCED
orOPTIMIZE_UTILIZATION
. Defaults toBALANCED
.- enabled Boolean
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters,
true
is implied for autopilot clusters. Resource limits forcpu
andmemory
must be defined to enable node auto-provisioning for GKE Standard.- resource
Limits List<Property Map> Global constraints for machine resources in the cluster. Configuring the
cpu
andmemory
types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
ClusterClusterAutoscalingAutoProvisioningDefaults, ClusterClusterAutoscalingAutoProvisioningDefaultsArgs
- Boot
Disk stringKms Key The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- Disk
Size int Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to
100
- Disk
Type string Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to
pd-standard
- Image
Type string The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of
GKE 1.24
- Management
Cluster
Cluster Autoscaling Auto Provisioning Defaults Management NodeManagement configuration for this NodePool. Structure is documented below.
- Min
Cpu stringPlatform Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- OauthScopes List<string>
Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- ServiceAccount string
The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- Shielded
Instance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config Shielded Instance options. Structure is documented below.
- Upgrade
Settings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings Specifies the upgrade settings for NAP created node pools. Structure is documented below.
- Boot
Disk stringKms Key The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- Disk
Size int Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to
100
- Disk
Type string Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to
pd-standard
- Image
Type string The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of
GKE 1.24
- Management
Cluster
Cluster Autoscaling Auto Provisioning Defaults Management NodeManagement configuration for this NodePool. Structure is documented below.
- Min
Cpu stringPlatform Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- OauthScopes []string
Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- ServiceAccount string
The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- Shielded
Instance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config Shielded Instance options. Structure is documented below.
- Upgrade
Settings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings Specifies the upgrade settings for NAP created node pools. Structure is documented below.
- boot
Disk StringKms Key The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- disk
Size Integer Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to
100
- disk
Type String Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to
pd-standard
- image
Type String The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of
GKE 1.24
- management
Cluster
Cluster Autoscaling Auto Provisioning Defaults Management NodeManagement configuration for this NodePool. Structure is documented below.
- min
Cpu StringPlatform Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauthScopes List<String>
Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- serviceAccount String
The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shielded
Instance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config Shielded Instance options. Structure is documented below.
- upgrade
Settings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings Specifies the upgrade settings for NAP created node pools. Structure is documented below.
- boot
Disk stringKms Key The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- disk
Size number Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to
100
- disk
Type string Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to
pd-standard
- image
Type string The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of
GKE 1.24
- management
Cluster
Cluster Autoscaling Auto Provisioning Defaults Management NodeManagement configuration for this NodePool. Structure is documented below.
- min
Cpu stringPlatform Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauthScopes string[]
Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- serviceAccount string
The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shielded
Instance ClusterConfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config Shielded Instance options. Structure is documented below.
- upgrade
Settings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings Specifies the upgrade settings for NAP created node pools. Structure is documented below.
- boot_
disk_ strkms_ key The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- disk_
size int Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to
100
- disk_
type str Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to
pd-standard
- image_
type str The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of
GKE 1.24
- management
Cluster
Cluster Autoscaling Auto Provisioning Defaults Management NodeManagement configuration for this NodePool. Structure is documented below.
- min_
cpu_ strplatform Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauth_scopes Sequence[str]
Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- service_account str
The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shielded_
instance_ Clusterconfig Cluster Autoscaling Auto Provisioning Defaults Shielded Instance Config Shielded Instance options. Structure is documented below.
- upgrade_
settings ClusterCluster Autoscaling Auto Provisioning Defaults Upgrade Settings Specifies the upgrade settings for NAP created node pools. Structure is documented below.
- boot
Disk StringKms Key The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
- disk
Size Number Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to
100
- disk
Type String Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced'). Defaults to
pd-standard
- image
Type String The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of
GKE 1.24
- management Property Map
NodeManagement configuration for this NodePool. Structure is documented below.
- min
Cpu StringPlatform Minimum CPU platform to be used for NAP created node pools. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as "Intel Haswell" or "Intel Sandy Bridge".
- oauthScopes List<String>
Scopes that are used by NAP and GKE Autopilot when creating node pools. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set `service_account` to a non-default service account and grant IAM roles to that service account for only the resources that it needs. `monitoring.write` is always enabled regardless of user input. `monitoring` and `logging.write` may also be enabled depending on the values for `monitoring_service` and `logging_service`.
- serviceAccount String
The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP.
- shielded
Instance Property MapConfig Shielded Instance options. Structure is documented below.
- upgrade
Settings Property Map Specifies the upgrade settings for NAP created node pools. Structure is documented below.
ClusterClusterAutoscalingAutoProvisioningDefaultsManagement, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementArgs
- Auto
Repair bool Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
This block also contains several computed attributes, documented below.
- Auto
Upgrade bool Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- Upgrade
Options List<ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option>
- Auto
Repair bool Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
This block also contains several computed attributes, documented below.
- Auto
Upgrade bool Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- Upgrade
Options []ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option
- auto
Repair Boolean Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
This block also contains several computed attributes, documented below.
- auto
Upgrade Boolean Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgrade
Options List<ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option>
- auto
Repair boolean Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
This block also contains several computed attributes, documented below.
- auto
Upgrade boolean Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgrade
Options ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option[]
- auto_
repair bool Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
This block also contains several computed attributes, documented below.
- auto_
upgrade bool Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgrade_
options Sequence[ClusterCluster Autoscaling Auto Provisioning Defaults Management Upgrade Option]
- auto
Repair Boolean Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
This block also contains several computed attributes, documented below.
- auto
Upgrade Boolean Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
- upgrade
Options List<Property Map>
ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOption, ClusterClusterAutoscalingAutoProvisioningDefaultsManagementUpgradeOptionArgs
- Auto
Upgrade stringStart Time - Description string
Description of the cluster.
- Auto
Upgrade stringStart Time - Description string
Description of the cluster.
- auto
Upgrade StringStart Time - description String
Description of the cluster.
- auto
Upgrade stringStart Time - description string
Description of the cluster.
- auto_
upgrade_ strstart_ time - description str
Description of the cluster.
- auto
Upgrade StringStart Time - description String
Description of the cluster.
ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfig, ClusterClusterAutoscalingAutoProvisioningDefaultsShieldedInstanceConfigArgs
- EnableIntegrityMonitoring bool
Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- EnableSecureBoot bool
Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`.
- EnableIntegrityMonitoring bool
Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- EnableSecureBoot bool
Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`.
- enableIntegrityMonitoring Boolean
Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enableSecureBoot Boolean
Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`.
- enableIntegrityMonitoring boolean
Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enableSecureBoot boolean
Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`.
- enable_integrity_monitoring bool
Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enable_secure_boot bool
Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`.
- enableIntegrityMonitoring Boolean
Defines if the instance has integrity monitoring enabled. Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. Defaults to `true`.
- enableSecureBoot Boolean
Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to `false`.
ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsArgs
- Blue
Green ClusterSettings Cluster Autoscaling Auto Provisioning Defaults Upgrade Settings Blue Green Settings Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- Max
Surge int The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- MaxUnavailable int
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- Strategy string
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- BlueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- MaxSurge int
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- MaxUnavailable int
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- Strategy string
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge Integer
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable Integer
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy String
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreenSettings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge number
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable number
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy string
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blue_green_settings ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- max_surge int
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- max_unavailable int
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy str
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
- blueGreenSettings Property Map
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- maxSurge Number
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- maxUnavailable Number
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
- strategy String
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettings, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsArgs
- NodePoolSoakDuration string
Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- StandardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- NodePoolSoakDuration string
Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- StandardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePoolSoakDuration String
Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePoolSoakDuration string
Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRolloutPolicy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- node_pool_soak_duration str
Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standard_rollout_policy ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy
Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
- nodePoolSoakDuration String
Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- standardRolloutPolicy Property Map
Standard policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicy, ClusterClusterAutoscalingAutoProvisioningDefaultsUpgradeSettingsBlueGreenSettingsStandardRolloutPolicyArgs
- BatchNodeCount int
Number of blue nodes to drain in a batch. Only one of batch_percentage or batch_node_count can be specified.
- BatchPercentage double
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of batch_percentage or batch_node_count can be specified.
- BatchSoakDuration string
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- BatchNodeCount int
Number of blue nodes to drain in a batch. Only one of batch_percentage or batch_node_count can be specified.
- BatchPercentage float64
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of batch_percentage or batch_node_count can be specified.
- BatchSoakDuration string
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount Integer
Number of blue nodes to drain in a batch. Only one of batch_percentage or batch_node_count can be specified.
- batchPercentage Double
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of batch_percentage or batch_node_count can be specified.
- batchSoakDuration String
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount number
Number of blue nodes to drain in a batch. Only one of batch_percentage or batch_node_count can be specified.
- batchPercentage number
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of batch_percentage or batch_node_count can be specified.
- batchSoakDuration string
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batch_node_count int
Number of blue nodes to drain in a batch. Only one of batch_percentage or batch_node_count can be specified.
- batch_percentage float
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of batch_percentage or batch_node_count can be specified.
- batch_soak_duration str
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- batchNodeCount Number
Number of blue nodes to drain in a batch. Only one of batch_percentage or batch_node_count can be specified.
- batchPercentage Number
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of batch_percentage or batch_node_count can be specified.
- batchSoakDuration String
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
ClusterClusterAutoscalingResourceLimit, ClusterClusterAutoscalingResourceLimitArgs
- ResourceType string
The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- Maximum int
Maximum amount of the resource in the cluster.
- Minimum int
Minimum amount of the resource in the cluster.
- ResourceType string
The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- Maximum int
Maximum amount of the resource in the cluster.
- Minimum int
Minimum amount of the resource in the cluster.
- resourceType String
The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- maximum Integer
Maximum amount of the resource in the cluster.
- minimum Integer
Minimum amount of the resource in the cluster.
- resourceType string
The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- maximum number
Maximum amount of the resource in the cluster.
- minimum number
Minimum amount of the resource in the cluster.
- resource_type str
The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- maximum int
Maximum amount of the resource in the cluster.
- minimum int
Minimum amount of the resource in the cluster.
- resourceType String
The type of the resource. For example, `cpu` and `memory`. See the guide to using Node Auto-Provisioning for a list of types.
- maximum Number
Maximum amount of the resource in the cluster.
- minimum Number
Minimum amount of the resource in the cluster.
ClusterClusterTelemetry, ClusterClusterTelemetryArgs
- Type string
Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- Type string
Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type String
Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type string
Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type str
Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
- type String
Telemetry integration for the cluster. Supported values: `ENABLED`, `DISABLED`, `SYSTEM_ONLY`. `SYSTEM_ONLY` (only system components are monitored and logged) is only available in GKE versions 1.15 and later.
ClusterConfidentialNodes, ClusterConfidentialNodesArgs
- Enabled bool
Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use.
- Enabled bool
Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use.
- enabled Boolean
Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use.
- enabled boolean
Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use.
- enabled bool
Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use.
- enabled Boolean
Enable Confidential GKE Nodes for this cluster, to enforce encryption of data in use.
ClusterCostManagementConfig, ClusterCostManagementConfigArgs
- Enabled bool
Whether to enable the cost allocation feature.
- Enabled bool
Whether to enable the cost allocation feature.
- enabled Boolean
Whether to enable the cost allocation feature.
- enabled boolean
Whether to enable the cost allocation feature.
- enabled bool
Whether to enable the cost allocation feature.
- enabled Boolean
Whether to enable the cost allocation feature.
ClusterDatabaseEncryption, ClusterDatabaseEncryptionArgs
- State string
`ENCRYPTED` or `DECRYPTED`.
- KeyName string
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
The `enable_k8s_beta_apis` block supports:
- State string
`ENCRYPTED` or `DECRYPTED`.
- KeyName string
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
The `enable_k8s_beta_apis` block supports:
- state String
`ENCRYPTED` or `DECRYPTED`.
- keyName String
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
The `enable_k8s_beta_apis` block supports:
- state string
`ENCRYPTED` or `DECRYPTED`.
- keyName string
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
The `enable_k8s_beta_apis` block supports:
- state str
`ENCRYPTED` or `DECRYPTED`.
- key_name str
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
The `enable_k8s_beta_apis` block supports:
- state String
`ENCRYPTED` or `DECRYPTED`.
- keyName String
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
The `enable_k8s_beta_apis` block supports:
ClusterDefaultSnatStatus, ClusterDefaultSnatStatusArgs
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports
- disabled boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports
- disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The `cluster_telemetry` block supports
ClusterDnsConfig, ClusterDnsConfigArgs
- ClusterDns string
Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
- ClusterDnsDomain string
The suffix used for all cluster service records.
- ClusterDnsScope string
The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
- ClusterDns string
Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
- ClusterDnsDomain string
The suffix used for all cluster service records.
- ClusterDnsScope string
The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
- clusterDns String
Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
- clusterDnsDomain String
The suffix used for all cluster service records.
- clusterDnsScope String
The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
- clusterDns string
Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
- clusterDnsDomain string
The suffix used for all cluster service records.
- clusterDnsScope string
The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
- cluster_dns str
Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
- cluster_dns_domain str
The suffix used for all cluster service records.
- cluster_dns_scope str
The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
- clusterDns String
Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
- clusterDnsDomain String
The suffix used for all cluster service records.
- clusterDnsScope String
The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
ClusterEnableK8sBetaApis, ClusterEnableK8sBetaApisArgs
- EnabledApis List<string>
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See "Configure beta APIs" for more information.
- EnabledApis []string
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See "Configure beta APIs" for more information.
- enabledApis List<String>
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See "Configure beta APIs" for more information.
- enabledApis string[]
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See "Configure beta APIs" for more information.
- enabled_apis Sequence[str]
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See "Configure beta APIs" for more information.
- enabledApis List<String>
Enabled Kubernetes Beta APIs. To list a Beta API resource, use the representation {group}/{version}/{resource}. The version must be a Beta version. Note that you cannot disable beta APIs that are already enabled on a cluster without recreating it. See "Configure beta APIs" for more information.
ClusterGatewayApiConfig, ClusterGatewayApiConfigArgs
- Channel string
Which Gateway API channel should be used. `CHANNEL_DISABLED`, `CHANNEL_EXPERIMENTAL` or `CHANNEL_STANDARD`.
- Channel string
Which Gateway API channel should be used. `CHANNEL_DISABLED`, `CHANNEL_EXPERIMENTAL` or `CHANNEL_STANDARD`.
- channel String
Which Gateway API channel should be used. `CHANNEL_DISABLED`, `CHANNEL_EXPERIMENTAL` or `CHANNEL_STANDARD`.
- channel string
Which Gateway API channel should be used. `CHANNEL_DISABLED`, `CHANNEL_EXPERIMENTAL` or `CHANNEL_STANDARD`.
- channel str
Which Gateway API channel should be used. `CHANNEL_DISABLED`, `CHANNEL_EXPERIMENTAL` or `CHANNEL_STANDARD`.
- channel String
Which Gateway API channel should be used. `CHANNEL_DISABLED`, `CHANNEL_EXPERIMENTAL` or `CHANNEL_STANDARD`.
ClusterIdentityServiceConfig, ClusterIdentityServiceConfigArgs
- Enabled bool
Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
- Enabled bool
Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
- enabled Boolean
Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
- enabled boolean
Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
- enabled bool
Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
- enabled Boolean
Whether to enable the Identity Service component. It is disabled by default. Set `enabled=true` to enable.
ClusterIpAllocationPolicy, ClusterIpAllocationPolicyArgs
- AdditionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control over the assignment of secondary Pod IP addresses to node pools isn't needed. Structure is documented below.
- ClusterIpv4CidrBlock string
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ClusterSecondaryRangeName string
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, `cluster_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- PodCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
- ServicesIpv4CidrBlock string
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ServicesSecondaryRangeName string
The name of the existing secondary range in the cluster's subnetwork to use for service `ClusterIP`s. Alternatively, `services_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- StackType string
The IP Stack Type of the cluster. Default value is `IPV4`. Possible values are `IPV4` and `IPV4_IPV6`.
- AdditionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control over the assignment of secondary Pod IP addresses to node pools isn't needed. Structure is documented below.
- ClusterIpv4CidrBlock string
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ClusterSecondaryRangeName string
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, `cluster_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- PodCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
- ServicesIpv4CidrBlock string
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- ServicesSecondaryRangeName string
The name of the existing secondary range in the cluster's subnetwork to use for service `ClusterIP`s. Alternatively, `services_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- StackType string
The IP Stack Type of the cluster. Default value is `IPV4`. Possible values are `IPV4` and `IPV4_IPV6`.
- additionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control over the assignment of secondary Pod IP addresses to node pools isn't needed. Structure is documented below.
- clusterIpv4CidrBlock String
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- clusterSecondaryRangeName String
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, `cluster_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- podCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
- servicesIpv4CidrBlock String
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- servicesSecondaryRangeName String
The name of the existing secondary range in the cluster's subnetwork to use for service `ClusterIP`s. Alternatively, `services_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- stackType String
The IP Stack Type of the cluster. Default value is `IPV4`. Possible values are `IPV4` and `IPV4_IPV6`.
- additionalPodRangesConfig ClusterIpAllocationPolicyAdditionalPodRangesConfig
The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control over the assignment of secondary Pod IP addresses to node pools isn't needed. Structure is documented below.
- clusterIpv4CidrBlock string
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- clusterSecondaryRangeName string
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, `cluster_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- podCidrOverprovisionConfig ClusterIpAllocationPolicyPodCidrOverprovisionConfig
- servicesIpv4CidrBlock string
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- servicesSecondaryRangeName string
The name of the existing secondary range in the cluster's subnetwork to use for service `ClusterIP`s. Alternatively, `services_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- stackType string
The IP Stack Type of the cluster. Default value is `IPV4`. Possible values are `IPV4` and `IPV4_IPV6`.
- additional_pod_ranges_config ClusterIpAllocationPolicyAdditionalPodRangesConfig
The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control over the assignment of secondary Pod IP addresses to node pools isn't needed. Structure is documented below.
- cluster_ipv4_cidr_block str
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- cluster_secondary_range_name str
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, `cluster_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- pod_cidr_overprovision_config ClusterIpAllocationPolicyPodCidrOverprovisionConfig
- services_ipv4_cidr_block str
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- services_secondary_range_name str
The name of the existing secondary range in the cluster's subnetwork to use for service `ClusterIP`s. Alternatively, `services_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- stack_type str
The IP Stack Type of the cluster. Default value is `IPV4`. Possible values are `IPV4` and `IPV4_IPV6`.
- additionalPodRangesConfig (Property Map): The configuration for additional pod secondary ranges at the cluster level. Used for Autopilot clusters and for Standard clusters where control of the secondary Pod IP address assignment to node pools isn't needed. Structure is documented below.
- clusterIpv4CidrBlock (String): The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- clusterSecondaryRangeName (String): The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, `cluster_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- podCidrOverprovisionConfig (Property Map)
- servicesIpv4CidrBlock (String): The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
- servicesSecondaryRangeName (String): The name of the existing secondary range in the cluster's subnetwork to use for service `ClusterIP`s. Alternatively, `services_ipv4_cidr_block` can be used to automatically create a GKE-managed one.
- stackType (String): The IP Stack Type of the cluster. Default value is `IPV4`. Possible values are `IPV4` and `IPV4_IPV6`.
ClusterIpAllocationPolicyAdditionalPodRangesConfig, ClusterIpAllocationPolicyAdditionalPodRangesConfigArgs
- PodRangeNames (List<string>): The names of the Pod ranges to add to the cluster.
- PodRangeNames ([]string): The names of the Pod ranges to add to the cluster.
- podRangeNames (List<String>): The names of the Pod ranges to add to the cluster.
- podRangeNames (string[]): The names of the Pod ranges to add to the cluster.
- pod_range_names (Sequence[str]): The names of the Pod ranges to add to the cluster.
- podRangeNames (List<String>): The names of the Pod ranges to add to the cluster.
ClusterIpAllocationPolicyPodCidrOverprovisionConfig, ClusterIpAllocationPolicyPodCidrOverprovisionConfigArgs
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The
cluster_telemetry
block supports
- Disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The
cluster_telemetry
block supports
- disabled boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The
cluster_telemetry
block supports
- disabled bool
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The
cluster_telemetry
block supports
- disabled Boolean
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
The
cluster_telemetry
block supports
ClusterLoggingConfig, ClusterLoggingConfigArgs
- EnableComponents (List<string>): The GKE components exposing logs. Supported values include: `SYSTEM_COMPONENTS`, `APISERVER`, `CONTROLLER_MANAGER`, `SCHEDULER`, and `WORKLOADS`.
- EnableComponents ([]string): The GKE components exposing logs. Supported values include: `SYSTEM_COMPONENTS`, `APISERVER`, `CONTROLLER_MANAGER`, `SCHEDULER`, and `WORKLOADS`.
- enableComponents (List<String>): The GKE components exposing logs. Supported values include: `SYSTEM_COMPONENTS`, `APISERVER`, `CONTROLLER_MANAGER`, `SCHEDULER`, and `WORKLOADS`.
- enableComponents (string[]): The GKE components exposing logs. Supported values include: `SYSTEM_COMPONENTS`, `APISERVER`, `CONTROLLER_MANAGER`, `SCHEDULER`, and `WORKLOADS`.
- enable_components (Sequence[str]): The GKE components exposing logs. Supported values include: `SYSTEM_COMPONENTS`, `APISERVER`, `CONTROLLER_MANAGER`, `SCHEDULER`, and `WORKLOADS`.
- enableComponents (List<String>): The GKE components exposing logs. Supported values include: `SYSTEM_COMPONENTS`, `APISERVER`, `CONTROLLER_MANAGER`, `SCHEDULER`, and `WORKLOADS`.
ClusterMaintenancePolicy, ClusterMaintenancePolicyArgs
- DailyMaintenanceWindow (ClusterMaintenancePolicyDailyMaintenanceWindow): Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- MaintenanceExclusions (List<ClusterMaintenancePolicyMaintenanceExclusion>): Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time (see "Maintenance Window and Exclusions").
- RecurringWindow (ClusterMaintenancePolicyRecurringWindow): Time window for recurring maintenance operations.
Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi; return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- DailyMaintenanceWindow (ClusterMaintenancePolicyDailyMaintenanceWindow): Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- MaintenanceExclusions ([]ClusterMaintenancePolicyMaintenanceExclusion): Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time (see "Maintenance Window and Exclusions").
- RecurringWindow (ClusterMaintenancePolicyRecurringWindow): Time window for recurring maintenance operations.
Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi; return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- dailyMaintenanceWindow (ClusterMaintenancePolicyDailyMaintenanceWindow): Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- maintenanceExclusions (List<ClusterMaintenancePolicyMaintenanceExclusion>): Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time (see "Maintenance Window and Exclusions").
- recurringWindow (ClusterMaintenancePolicyRecurringWindow): Time window for recurring maintenance operations.
Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi; return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- dailyMaintenanceWindow (ClusterMaintenancePolicyDailyMaintenanceWindow): Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- maintenanceExclusions (ClusterMaintenancePolicyMaintenanceExclusion[]): Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time (see "Maintenance Window and Exclusions").
- recurringWindow (ClusterMaintenancePolicyRecurringWindow): Time window for recurring maintenance operations.
Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi; return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- daily_maintenance_window (ClusterMaintenancePolicyDailyMaintenanceWindow): Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- maintenance_exclusions (Sequence[ClusterMaintenancePolicyMaintenanceExclusion]): Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time (see "Maintenance Window and Exclusions").
- recurring_window (ClusterMaintenancePolicyRecurringWindow): Time window for recurring maintenance operations.
Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi; return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- dailyMaintenanceWindow (Property Map): Time window specified for daily maintenance operations. Specify `start_time` in RFC3339 format "HH:MM", where HH : [00-23] and MM : [00-59] GMT. For example:
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
- maintenanceExclusions (List<Property Map>): Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. A cluster can have up to 20 maintenance exclusions at a time (see "Maintenance Window and Exclusions").
- recurringWindow (Property Map): Time window for recurring maintenance operations.
Specify `start_time` and `end_time` in RFC3339 "Zulu" date format. The start time's date is the initial date that the window starts, and the end time is used for calculating duration. Specify `recurrence` in RFC5545 RRULE format, to specify when this recurs. Note that GKE may accept other formats, but will return values in UTC, causing a permanent diff.
Examples:
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi;
return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
import * as pulumi from "@pulumi/pulumi";
import pulumi
using System.Collections.Generic; using System.Linq; using Pulumi; return await Deployment.RunAsync(() => { });
package main import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { return nil }) }
package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { } }
{}
ClusterMaintenancePolicyDailyMaintenanceWindow, ClusterMaintenancePolicyDailyMaintenanceWindowArgs
- start_time (str)
- duration (str)
ClusterMaintenancePolicyMaintenanceExclusion, ClusterMaintenancePolicyMaintenanceExclusionArgs
- EndTime (string)
- ExclusionName (string)
- StartTime (string)
- ExclusionOptions (ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions): MaintenanceExclusionOptions provides maintenance exclusion related options.
- EndTime (string)
- ExclusionName (string)
- StartTime (string)
- ExclusionOptions (ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions): MaintenanceExclusionOptions provides maintenance exclusion related options.
- endTime (String)
- exclusionName (String)
- startTime (String)
- exclusionOptions (ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions): MaintenanceExclusionOptions provides maintenance exclusion related options.
- endTime (string)
- exclusionName (string)
- startTime (string)
- exclusionOptions (ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions): MaintenanceExclusionOptions provides maintenance exclusion related options.
- end_time (str)
- exclusion_name (str)
- start_time (str)
- exclusion_options (ClusterMaintenancePolicyMaintenanceExclusionExclusionOptions): MaintenanceExclusionOptions provides maintenance exclusion related options.
- endTime (String)
- exclusionName (String)
- startTime (String)
- exclusionOptions (Property Map): MaintenanceExclusionOptions provides maintenance exclusion related options.