Configure a GKE Autopilot cluster in Application Design Center

A GKE Autopilot cluster lets Google manage your infrastructure configuration, including your nodes, scaling, security, and other preconfigured settings. Autopilot is optimized to run most production workloads, and provisions compute resources based on your Kubernetes manifests.

This document describes the connections and parameters you can configure when using App Design Center to create a GKE Autopilot cluster. The configuration parameters are based on the GKE Autopilot cluster Terraform module.

Required configuration parameters

If your template includes a GKE Autopilot cluster, you must configure the following parameters before you deploy.

| Feature and parameter name | Description and constraint information | Background information |
| --- | --- | --- |
| Name | The name of the cluster. | About cluster configuration choices |
| Project Id | The project where you want to create the GKE Autopilot cluster. | Configure components |
| Region or Zone | The location (region or zone) in which the cluster is created. | Cluster availability |
| Network | network | Explore GKE networking documentation and use cases |
| Subnetwork | subnetwork | Explore GKE networking documentation and use cases |
| Master Authorized Networks Config CIDR Block Display name | displayName | About network isolation in GKE |
| Master Authorized Networks Config CIDR Block | cidrBlock | About network isolation in GKE |
| Workload Identity Config Workload Pool | workloadPool | Use Workload Identity |

Optional configuration parameters

The following parameters are optional. To display advanced parameters, in the Configuration area, select Show advanced fields.

| Feature and parameter name | Description and constraint information | Background information |
| --- | --- | --- |
| Description | description | |
| Node Locations | locations | Location and distribution of the nodes |
| Deletion Protection | Whether Terraform is prevented from destroying the cluster. Deleting this cluster using terraform destroy or terraform apply will only succeed if this field is false in the Terraform state. | deletion_protection |
| Master Authorized Networks Config Gcp Public Cidrs Access Enabled | gcpPublicCidrsAccessEnabled | About network isolation in GKE |
| Master Authorized Networks Config Private Endpoint Enforcement Enabled | privateEndpointEnforcementEnabled | About network isolation in GKE |
| Addons Config GCP Filestore CSI Driver Config | GcpFilestoreCsiDriverConfig | Access Filestore instances with the Filestore CSI driver |
| GKE Backup Agent Config | GkeBackupAgentConfig | Backup for GKE |
| Ray Operator Config | RayOperatorConfig | About Ray on GKE |
| Ray Cluster Logging Config | RayClusterLoggingConfig | Collect and view logs and metrics for Ray clusters on Google Kubernetes Engine |
| Ray Cluster Monitoring Config | RayClusterMonitoringConfig | |
| Cluster Ipv4 Cidr | clusterIpv4Cidr | Create a VPC-native cluster |
| Cluster Autoscaling Auto Provisioning Defaults | AutoprovisioningNodePoolDefaults | About node pool auto-creation |
| Binary Authorization Evaluation mode | BinaryAuthorization | Use Binary Authorization |
| Service External IPs Config Enabled | ServiceExternalIpsConfig | Exposing applications using services |
| Mesh Certificates Enable Certificates | meshCertificates | |
| Database Encryption | DatabaseEncryption | Encrypt secrets at the application layer |
| Enable K8s Beta Apis Enabled APIs | K8sBetaApisConfig | Use Kubernetes beta APIs with GKE clusters |
| Ip Allocation Policy | IpAllocationPolicy | VPC-native clusters |
| Logging Config Enable Components | enableComponents | About GKE logs |
| Maintenance Policy | MaintenancePolicy | Maintenance windows and exclusions |
| Master Auth | clientCertificateConfig | Authenticate to the Kubernetes API server |
| Min Master Version | min_master_version | Versioning and upgrades |
| Monitoring Config Enable Components | enableComponents | Configure metrics collection |
| Node Pool Auto Config Insecure Kubelet Readonly Port Enabled | insecureKubeletReadonlyPortEnabled | Disable the kubelet read-only port in GKE clusters |
| Resource Manager Tags | resourceManagerTags | Tags overview |
| Network Tags | tags | Tags overview |
| Linux Node Config | LinuxNodeConfig | Linux cgroup mode configuration options |
| Notification Config Pubsub enabled | PubSub | Cluster notifications |
| Topic | topic | |
| Filter Event Type | filter | |
| Confidential Nodes Enabled | ConfidentialNodes | Encrypt workload data in-use with Confidential Google Kubernetes Engine Nodes |
| Pod Security Policy Config Enabled | podSecurityPolicyConfig | PodSecurityPolicy deprecation |
| Pod Autoscaling HPA Profile | PodAutoscaling | Horizontal Pod autoscaling |
| Vertical Pod Autoscaling Enabled | VerticalPodAutoscaling | Vertical Pod autoscaling |
| Secret Manager Config Enabled | SecretManagerConfig | Protect your data with secret management |
| Authenticator Groups Config Security Group | AuthenticatorGroupsConfig | Configure Google Groups for RBAC |
| Control Plane Endpoints Config DNS Endpoint Config | | About network isolation in GKE |
| Private Cluster Config | PrivateClusterConfig | Creating a private cluster |
| Cluster Telemetry Type | clusterTelemetry | |
| Release Channel | ReleaseChannel | About release channels |
| Resource Labels | resourceLabels | Create and manage cluster and node pool labels |
| Cost Management Config Enabled | CostManagementConfig | Get key spending insights for your GKE resource allocation and cluster costs |
| Resource Usage Export Config Enabled | ResourceUsageExportConfig | Understanding cluster resource usage |
| Identity Service Config Enabled | IdentityServiceConfig | Use external identity providers to authenticate to GKE |
| Enable L4 Ilb Subsetting | enableL4ilbSubsetting | Create an internal load balancer |
| Disable L4 Lb Firewall Reconciliation | disableL4LbFirewallReconciliation | User-managed firewall rules for GKE LoadBalancer Services |
| Enable Multi Networking | enableMultiNetworking | About multi-network support for Pods |
| In Transit Encryption Config | InTransitEncryptionConfig | About FIPS-validated encryption in GKE |
| Enable Fqdn Network Policy | enableFqdnNetworkPolicy | Control Pod egress traffic using FQDN network policies |
| Enable Cilium Clusterwide Network Policy | enableCiliumClusterwideNetworkPolicy | Control cluster-wide communication using network policies |
| Private Ipv6 Google Access | PrivateIpv6GoogleAccess | VPC-native clusters |
| Datapath Provider | DatapathProvider | Using GKE Dataplane V2 |
| Default Snat Status | defaultSnatStatus | IP masquerade agent |
| Dns Config | DNSConfig | Using Cloud DNS for GKE |
| Gateway Api Config | GatewayAPIConfig | About Gateway API |
| Protect Config | ProtectConfig | |
| Security Posture Config | SecurityPostureConfig | About the security posture dashboard |
| Fleet Project | Fleet | Fleet management |
| Workload Alts Config Enable Alts | WorkloadALTSConfig | |
| Enterprise Config Desired Tier | EnterpriseConfig | |
| Allow Net Admin | allowNetAdmin | GKE Autopilot security measures |
| Timeouts | Timeouts | |