REST Resource: projects.locations.awsClusters

Resource: AwsCluster

An Anthos cluster running on AWS.

JSON representation
{
  "name": string,
  "description": string,
  "networking": {
    object (AwsClusterNetworking)
  },
  "awsRegion": string,
  "controlPlane": {
    object (AwsControlPlane)
  },
  "authorization": {
    object (AwsAuthorization)
  },
  "state": enum (State),
  "endpoint": string,
  "uid": string,
  "reconciling": boolean,
  "createTime": string,
  "updateTime": string,
  "etag": string,
  "annotations": {
    string: string,
    ...
  },
  "workloadIdentityConfig": {
    object (WorkloadIdentityConfig)
  },
  "clusterCaCertificate": string,
  "fleet": {
    object (Fleet)
  },
  "loggingConfig": {
    object (LoggingConfig)
  },
  "errors": [
    {
      object (AwsClusterError)
    }
  ],
  "monitoringConfig": {
    object (MonitoringConfig)
  },
  "binaryAuthorization": {
    object (BinaryAuthorization)
  }
}
Fields
name

string

The name of this resource.

Cluster names are formatted as projects/<project-number>/locations/<region>/awsClusters/<cluster-id>.

See Resource Names for more details on Google Cloud Platform resource names.

description

string

Optional. A human-readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.

networking

object (AwsClusterNetworking)

Required. Cluster-wide networking configuration.

awsRegion

string

Required. The AWS region where the cluster runs.

Each Google Cloud region supports a subset of nearby AWS regions. You can call locations.getAwsServerConfig to list all supported AWS regions within a given Google Cloud region.

controlPlane

object (AwsControlPlane)

Required. Configuration related to the cluster control plane.

authorization

object (AwsAuthorization)

Required. Configuration related to the cluster RBAC settings.

state

enum (State)

Output only. The current state of the cluster.

endpoint

string

Output only. The endpoint of the cluster's API server.

uid

string

Output only. A globally unique identifier for the cluster.

reconciling

boolean

Output only. If set, there are currently changes in flight to the cluster.

createTime

string (Timestamp format)

Output only. The time at which this cluster was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The time at which this cluster was last updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

etag

string

Allows clients to perform consistent read-modify-writes through optimistic concurrency control.

Can be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
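The read-modify-write the two paragraphs above describe, as an added example that is not part of the API reference: FakeAwsClusterStore is an in-memory stand-in for the awsClusters resource, and the way it derives an etag (a hash of the resource body) is an assumption of the example, since the service treats the etag as an opaque string. The function concurrent_update_outcome shows both the guarded case and the blind case in which a client omits the etag and silently overwrites another client's change.

```python
"""Read-modify-write of an AwsCluster guarded by its etag.

Added example, not from the API reference. FakeAwsClusterStore is an
in-memory stand-in for the awsClusters resource; the etag scheme (a hash
of the resource body) is an assumption of the example.
"""
import hashlib
import json
from typing import Dict, Optional, Tuple


class StaleEtagError(Exception):
    """A patch or delete carried an etag that no longer matches the resource."""


class FakeAwsClusterStore:
    """Holds one cluster and enforces etag matching on writes."""

    def __init__(self, cluster: Dict):
        self._cluster = dict(cluster)
        self._cluster["etag"] = self._compute_etag(self._cluster)

    @staticmethod
    def _compute_etag(cluster: Dict) -> str:
        # Any change to the body yields a different etag (assumed scheme).
        body = {k: v for k, v in cluster.items() if k != "etag"}
        encoded = json.dumps(body, sort_keys=True).encode("utf-8")
        return hashlib.sha256(encoded).hexdigest()[:16]

    def get(self) -> Dict:
        return dict(self._cluster)

    def _check_etag(self, etag: Optional[str]) -> None:
        # The etag is optional on the wire; when absent the write is blind
        # (last writer wins). When present it must match the stored value.
        if etag is not None and etag != self._cluster["etag"]:
            raise StaleEtagError("etag mismatch: re-read the resource and retry")

    def patch(self, update: Dict, etag: Optional[str] = None) -> Dict:
        self._check_etag(etag)
        self._cluster.update(update)
        self._cluster["etag"] = self._compute_etag(self._cluster)
        return self.get()

    def delete(self, etag: Optional[str] = None) -> None:
        self._check_etag(etag)
        self._cluster = {}


# Constructed sample resource; the project number and names are placeholders.
SAMPLE_CLUSTER = {
    "name": "projects/000000000000/locations/us-east4/awsClusters/example-cluster",
    "description": "initial",
    "awsRegion": "us-east-1",
}


def concurrent_update_outcome(send_etag: bool) -> Tuple[bool, str]:
    """Two clients read the same cluster, then both try to update it.

    Returns (second_write_rejected, final_description). With send_etag=True
    the second writer's stale etag is rejected; with send_etag=False both
    writes succeed and client A's change is silently overwritten.
    """
    store = FakeAwsClusterStore(SAMPLE_CLUSTER)
    snapshot_a = store.get()
    snapshot_b = store.get()
    store.patch({"description": "owned by team A"},
                snapshot_a["etag"] if send_etag else None)
    try:
        store.patch({"description": "owned by team B"},
                    snapshot_b["etag"] if send_etag else None)
        rejected = False
    except StaleEtagError:
        rejected = True
    return rejected, store.get()["description"]


if __name__ == "__main__":
    print(concurrent_update_outcome(send_etag=True))   # (True, 'owned by team A')
    print(concurrent_update_outcome(send_etag=False))  # (False, 'owned by team B')
```

The point to take from the blind case is that the etag only protects clients that send it: an automation pipeline that patches or deletes clusters without first reading the current etag can undo a change made by another operator, or delete a cluster whose configuration has moved on since the pipeline last looked at it.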

annotations

map (key: string, value: string)

Optional. Annotations on the cluster.

This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. A key can have two segments, an optional prefix and a required name, separated by a slash (/). The prefix must be a DNS subdomain. The name must be 63 characters or less, begin and end with an alphanumeric character, and may contain dashes (-), underscores (_), dots (.), and alphanumerics in between.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

workloadIdentityConfig

object (WorkloadIdentityConfig)

Output only. Workload Identity settings.

clusterCaCertificate

string

Output only. PEM-encoded X.509 certificate of the cluster root of trust.

fleet

object (Fleet)

Required. Fleet configuration.

loggingConfig

object (LoggingConfig)

Optional. Logging configuration for this cluster.

errors[]

object (AwsClusterError)

Output only. A set of errors found in the cluster.

monitoringConfig

object (MonitoringConfig)

Optional. Monitoring configuration for this cluster.

binaryAuthorization

object (BinaryAuthorization)

Optional. Binary Authorization configuration for this cluster.

AwsClusterNetworking

ClusterNetworking defines cluster-wide networking configuration.

Anthos clusters on AWS run on a single VPC. This includes control plane replicas and node pool nodes.

JSON representation
{
  "vpcId": string,
  "podAddressCidrBlocks": [
    string
  ],
  "serviceAddressCidrBlocks": [
    string
  ],
  "perNodePoolSgRulesDisabled": boolean
}
Fields
vpcId

string

Required. The VPC associated with the cluster. All cluster components (i.e. the control plane and node pools) run on a single VPC.

This field cannot be changed after creation.

podAddressCidrBlocks[]

string

Required. All pods in the cluster are assigned an IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.

serviceAddressCidrBlocks[]

string

Required. All services in the cluster are assigned an IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.

perNodePoolSgRulesDisabled

boolean

Optional. Disable the per-node-pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.
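A pre-flight check for the requirement just stated, as an added example that is not part of the API reference: before setting perNodePoolSgRulesDisabled to true, confirm that the security groups you intend to supply contain ingress rules for TCP/443 and TCP/8132. The rule dictionaries are a constructed sample in the shape of the IpPermissions entries returned by the EC2 DescribeSecurityGroups API; the group ids and CIDR are placeholders.

```python
"""Check that caller-supplied security groups admit control plane traffic
on TCP/443 and TCP/8132 before perNodePoolSgRulesDisabled is set to true.

Added example, not from the API reference. The rules below are constructed
samples shaped like EC2 DescribeSecurityGroups IpPermissions entries; the
group ids and CIDR are placeholders.
"""
from typing import Dict, Iterable, List

REQUIRED_TCP_PORTS = (443, 8132)   # ports named in the field description


def rule_allows_tcp_port(rule: Dict, port: int) -> bool:
    """True if one ingress rule permits TCP traffic to the given port."""
    proto = str(rule.get("IpProtocol", ""))
    if proto == "-1":
        return True                      # all protocols and all ports
    if proto.lower() not in ("tcp", "6"):
        return False
    from_port = rule.get("FromPort", -1)
    to_port = rule.get("ToPort", -1)
    if from_port == -1 and to_port == -1:
        return True                      # tcp with no port range means all ports
    return from_port <= port <= to_port


def missing_control_plane_ports(security_groups: Iterable[Dict]) -> List[int]:
    """Return the required TCP ports that no ingress rule in the given groups permits."""
    rules = [rule for sg in security_groups for rule in sg.get("IpPermissions", [])]
    return [port for port in REQUIRED_TCP_PORTS
            if not any(rule_allows_tcp_port(rule, port) for rule in rules)]


NODE_POOL_CIDR = "10.0.0.0/16"  # placeholder for the node pool subnet range

# Constructed: opens 443 only, so node pools could not reach 8132.
SAMPLE_GROUPS_INCOMPLETE = [{
    "GroupId": "sg-placeholder0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": NODE_POOL_CIDR}]},
    ],
}]

# Constructed: both required ports, split across two groups.
SAMPLE_GROUPS_COMPLETE = [
    {"GroupId": "sg-placeholder1",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": NODE_POOL_CIDR}]}]},
    {"GroupId": "sg-placeholder2",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8132, "ToPort": 8132,
                        "IpRanges": [{"CidrIp": NODE_POOL_CIDR}]}]},
]


if __name__ == "__main__":
    print(missing_control_plane_ports(SAMPLE_GROUPS_INCOMPLETE))  # [8132]
    print(missing_control_plane_ports(SAMPLE_GROUPS_COMPLETE))    # []
```

The check evaluates protocol and port only. Whether each rule's source (the CidrIp ranges or UserIdGroupPairs) actually covers the node pool subnets is a second condition the reader must confirm against their own VPC layout; an over-broad source such as 0.0.0.0/0 would pass this check while exposing the API server far more widely than the managed rules would.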

AwsControlPlane

ControlPlane defines common parameters between control plane nodes.

JSON representation
{
  "version": string,
  "instanceType": string,
  "sshConfig": {
    object (AwsSshConfig)
  },
  "subnetIds": [
    string
  ],
  "securityGroupIds": [
    string
  ],
  "iamInstanceProfile": string,
  "rootVolume": {
    object (AwsVolumeTemplate)
  },
  "mainVolume": {
    object (AwsVolumeTemplate)
  },
  "databaseEncryption": {
    object (AwsDatabaseEncryption)
  },
  "tags": {
    string: string,
    ...
  },
  "awsServicesAuthentication": {
    object (AwsServicesAuthentication)
  },
  "proxyConfig": {
    object (AwsProxyConfig)
  },
  "configEncryption": {
    object (AwsConfigEncryption)
  },
  "instancePlacement": {
    object (AwsInstancePlacement)
  }
}
Fields
version

string

Required. The Kubernetes version to run on control plane replicas (e.g. 1.19.10-gke.1000).

You can list all supported versions on a given Google Cloud region by calling locations.getAwsServerConfig.

instanceType

string

Optional. The AWS instance type.

When unspecified, it uses a default based on the cluster's version.

sshConfig

object (AwsSshConfig)

Optional. SSH configuration for how to access the underlying control plane machines.

subnetIds[]

string

Required. The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).

securityGroupIds[]

string

Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.

iamInstanceProfile

string

Required. The name or ARN of the AWS IAM instance profile to assign to each control plane replica.

rootVolume

object (AwsVolumeTemplate)

Optional. Configuration related to the root volume provisioned for each control plane replica.

Volumes will be provisioned in the availability zone associated with the corresponding subnet.

When unspecified, it defaults to 32 GiB with the GP2 volume type.

mainVolume

object (AwsVolumeTemplate)

Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume stores all of the cluster's etcd state.

Volumes will be provisioned in the availability zone associated with the corresponding subnet.

When unspecified, it defaults to 8 GiB with the GP2 volume type.

databaseEncryption

object (AwsDatabaseEncryption)

Required. The ARN of the AWS KMS key used to encrypt cluster secrets.

tags

map (key: string, value: string)

Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources.

Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
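A validator for the two map fields whose limits this reference states, the AwsCluster annotations (Kubernetes annotation key rules, 256k total) and the AwsControlPlane tags (at most 50 pairs, restricted character set, key and value lengths). This is an added example, not code from the API reference; where the text leaves a detail open, the reading chosen is marked as an assumption in the comments: "256k" is taken as 256 KiB, and the DNS subdomain prefix is capped at the standard 253 characters.

```python
"""Validate AwsCluster annotations and AwsControlPlane tags.

Added example, not from the API reference. The limits are those stated in
the annotations and tags field descriptions; interpretations the reference
leaves open are marked as assumptions.
"""
import re
from typing import Dict, List

# Annotation keys: optional DNS-subdomain prefix, "/", then a name.
_NAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$")
_DNS_LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")
ANNOTATION_NAME_MAX = 63
DNS_SUBDOMAIN_MAX = 253             # standard DNS subdomain limit (assumption)
ANNOTATIONS_TOTAL_MAX = 256 * 1024  # "256k" read as 256 KiB (assumption)

# AWS resource tags: at most 50 pairs, restricted character set.
TAGS_MAX_PAIRS = 50
TAG_KEY_MAX = 127
TAG_VALUE_MAX = 255
_TAG_CHARS_RE = re.compile(r"^[A-Za-z0-9 .+\-=_:@/]*$")


def _is_dns_subdomain(prefix: str) -> bool:
    if not prefix or len(prefix) > DNS_SUBDOMAIN_MAX:
        return False
    return all(_DNS_LABEL_RE.match(label) for label in prefix.split("."))


def validate_annotations(annotations: Dict[str, str]) -> List[str]:
    """Return the problems found; an empty list means the map is acceptable."""
    problems: List[str] = []
    total = sum(len(k.encode("utf-8")) + len(v.encode("utf-8"))
                for k, v in annotations.items())
    if total > ANNOTATIONS_TOTAL_MAX:
        problems.append(f"total size {total} bytes exceeds {ANNOTATIONS_TOTAL_MAX}")
    for key in annotations:
        parts = key.split("/")
        if len(parts) > 2:
            problems.append(f"{key!r}: at most one slash (prefix/name) is allowed")
            continue
        if len(parts) == 2 and not _is_dns_subdomain(parts[0]):
            problems.append(f"{key!r}: prefix must be a DNS subdomain")
        name = parts[-1]
        if len(name) > ANNOTATION_NAME_MAX:
            problems.append(f"{key!r}: name exceeds {ANNOTATION_NAME_MAX} characters")
        elif not _NAME_RE.match(name):
            problems.append(f"{key!r}: name must start and end alphanumeric, "
                            "with only [-_.] and alphanumerics between")
    return problems


def validate_tags(tags: Dict[str, str]) -> List[str]:
    """Return the problems found against the tags field limits."""
    problems: List[str] = []
    if len(tags) > TAGS_MAX_PAIRS:
        problems.append(f"{len(tags)} tags exceeds the limit of {TAGS_MAX_PAIRS}")
    for key, value in tags.items():
        if len(key) > TAG_KEY_MAX:
            problems.append(f"{key[:20]!r}...: key exceeds {TAG_KEY_MAX} characters")
        if len(value) > TAG_VALUE_MAX:
            problems.append(f"{key!r}: value exceeds {TAG_VALUE_MAX} characters")
        for part, text in (("key", key), ("value", value)):
            if not _TAG_CHARS_RE.match(text):
                problems.append(f"{key!r}: {part} has characters outside "
                                "alphanumerics, space and .+-=_:@/")
    return problems


# Constructed samples.
GOOD_ANNOTATIONS = {"example.com/owner": "platform-team", "cost-center": "1234"}
BAD_ANNOTATIONS = {"Example_Domain/owner": "x", "-leading-dash": "y", "a/b/c": "z"}
GOOD_TAGS = {"Environment": "prod", "Owner": "platform@example.com"}
BAD_TAGS = {"Team": "sec;ops", "k" * 128: "v"}
```

Running both validators on a create or patch request body before it is sent catches limit violations locally rather than as a rejected API call, and the tag character check in particular stops values such as shell metacharacters from being propagated onto every managed AWS resource.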

awsServicesAuthentication

object (AwsServicesAuthentication)

Required. Authentication configuration for management of AWS resources.

proxyConfig

object (AwsProxyConfig)

Optional. Proxy configuration for outbound HTTP(S) traffic.

configEncryption

object (AwsConfigEncryption)

Required. Config encryption for user data.

instancePlacement

object (AwsInstancePlacement)

Optional. The placement to use on control plane instances. When unspecified, the VPC's default tenancy will be used.

AwsDatabaseEncryption

Configuration related to application-layer secrets encryption.

JSON representation
{
  "kmsKeyArn": string
}
Fields
kmsKeyArn

string

Required. The ARN of the AWS KMS key used to encrypt cluster secrets.

AwsServicesAuthentication

Authentication configuration for the management of AWS resources.

JSON representation
{
  "roleArn": string,
  "roleSessionName": string
}
Fields
roleArn

string

Required. The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.

roleSessionName

string

Optional. An identifier for the assumed role session.

When unspecified, it defaults to multicloud-service-agent.

AwsAuthorization

Configuration related to the cluster RBAC settings.

JSON representation
{
  "adminUsers": [
    {
      object (AwsClusterUser)
    }
  ],
  "adminGroups": [
    {
      object (AwsClusterGroup)
    }
  ]
}
Fields
adminUsers[]

object (AwsClusterUser)

Optional. Users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided.

For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles

adminGroups[]

object (AwsClusterGroup)

Optional. Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the groups. Up to ten admin groups can be provided.

For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
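What the two fields above actually grant, rendered as the Kubernetes object they produce. This is an added example, not code from the API reference or the service: the managed ClusterRoleBinding is not shown on the page, so cluster_admin_binding renders the standard RBAC shape for binding subjects to the cluster-admin ClusterRole, which lets the granted principals be reviewed before a cluster is created or patched. validate_authorization enforces the stated limits of ten admin users and ten admin groups. The binding name and sample identities are placeholders.

```python
"""What an AwsAuthorization block grants: every listed user and group is
bound to the cluster-admin ClusterRole.

Added example, not from the API reference. The managed binding the service
creates is not shown on the page; cluster_admin_binding renders the standard
Kubernetes RBAC shape for such a binding. Names and identities are placeholders.
"""
from typing import Dict, List

MAX_ADMIN_USERS = 10
MAX_ADMIN_GROUPS = 10
RBAC_API_GROUP = "rbac.authorization.k8s.io"


def validate_authorization(authorization: Dict) -> List[str]:
    """Check the stated limits and required fields; empty list means acceptable."""
    problems: List[str] = []
    users = authorization.get("adminUsers", [])
    groups = authorization.get("adminGroups", [])
    if len(users) > MAX_ADMIN_USERS:
        problems.append(f"{len(users)} adminUsers exceeds the limit of {MAX_ADMIN_USERS}")
    if len(groups) > MAX_ADMIN_GROUPS:
        problems.append(f"{len(groups)} adminGroups exceeds the limit of {MAX_ADMIN_GROUPS}")
    for user in users:
        if not user.get("username"):
            problems.append("adminUsers entry is missing the required username")
    for group in groups:
        if not group.get("group"):
            problems.append("adminGroups entry is missing the required group")
    return problems


def cluster_admin_binding(authorization: Dict,
                          name: str = "placeholder-admin-binding") -> Dict:
    """Render the ClusterRoleBinding implied by the authorization block."""
    subjects = [
        {"kind": "User", "apiGroup": RBAC_API_GROUP, "name": u["username"]}
        for u in authorization.get("adminUsers", [])
    ] + [
        {"kind": "Group", "apiGroup": RBAC_API_GROUP, "name": g["group"]}
        for g in authorization.get("adminGroups", [])
    ]
    return {
        "apiVersion": f"{RBAC_API_GROUP}/v1",
        "kind": "ClusterRoleBinding",
        "metadata": {"name": name},
        "subjects": subjects,
        "roleRef": {"apiGroup": RBAC_API_GROUP, "kind": "ClusterRole",
                    "name": "cluster-admin"},
    }


def cluster_admin_subjects(authorization: Dict) -> List[str]:
    """Flat 'kind:name' list of principals that will hold cluster-admin, for review."""
    return [f"{s['kind']}:{s['name']}"
            for s in cluster_admin_binding(authorization)["subjects"]]


# Constructed sample; the identities are placeholders.
SAMPLE_AUTHORIZATION = {
    "adminUsers": [{"username": "alice@example.com"}, {"username": "bob@example.com"}],
    "adminGroups": [{"group": "platform-admins@example.com"}],
}


if __name__ == "__main__":
    for subject in cluster_admin_subjects(SAMPLE_AUTHORIZATION):
        print(subject)
```

Because cluster-admin is unrestricted within the cluster, the rendered subjects list is the set of principals whose compromise equals compromise of the cluster; a group subject in particular inherits every future member of that group, so review the group's membership process as carefully as the list itself.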

AwsClusterUser

Identities of a user-type subject for AWS clusters.

JSON representation
{
  "username": string
}
Fields
username

string

Required. The name of the user, e.g. my-gcp-id@gmail.com.

AwsClusterGroup

Identities of a group-type subject for AWS clusters.

JSON representation
{
  "group": string
}
Fields
group

string

Required. The name of the group, e.g. my-group@domain.com.

State

The lifecycle state of the cluster.

Enums
STATE_UNSPECIFIED Not set.
PROVISIONING The PROVISIONING state indicates the cluster is being created.
RUNNING The RUNNING state indicates the cluster has been created and is fully usable.
RECONCILING The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the control plane replicas.
STOPPING The STOPPING state indicates the cluster is being deleted.
ERROR The ERROR state indicates the cluster is in a broken, unrecoverable state.
DEGRADED The DEGRADED state indicates the cluster requires user action to restore full functionality.

AwsClusterError

AwsClusterError describes errors found on AWS clusters.

JSON representation
{
  "message": string
}
Fields
message

string

Human-friendly description of the error.

Methods

create

Creates a new AwsCluster resource on a given Google Cloud Platform project and region.

delete

Deletes a specific AwsCluster resource.

generateAwsAccessToken

Generates a short-lived access token to authenticate to a given AwsCluster resource.

generateAwsClusterAgentToken

Generates an access token for a cluster agent.

get

Describes a specific AwsCluster resource.

getJwks

Gets the public component of the cluster signing keys in JSON Web Key format.

list

Lists all AwsCluster resources on a given Google Cloud project and region.

patch

Updates an AwsCluster.