EdgeContainerCluster
| Property | Value |
|---|---|
| Google Cloud Service Name | Edge container |
| Google Cloud Service Documentation | /distributed-cloud/edge/latest/docs |
| Google Cloud REST Resource Name | v1beta1.projects.locations.clusters |
| Google Cloud REST Resource Documentation | /distributed-cloud/edge/latest/docs/reference/container/rest/v1/projects.locations.clusters |
| Config Connector Resource Short Names | gcpedgecontainercluster gcpedgecontainerclusters edgecontainercluster |
| Config Connector Service Name | edgecontainer.googleapis.com |
| Config Connector Resource Fully Qualified Name | edgecontainerclusters.edgecontainer.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Annotations
| Fields | |
|---|---|
cnrm.cloud.google.com/state-into-spec |
|
Spec
Schema
authorization:
adminUsers:
usernameRef:
external: string
name: string
namespace: string
controlPlane:
local:
machineFilter: string
nodeCount: integer
nodeLocation: string
sharedDeploymentPolicy: string
remote:
nodeLocation: string
controlPlaneEncryption:
kmsKeyActiveVersion: string
kmsKeyRef:
external: string
name: string
namespace: string
kmsKeyState: string
kmsStatus:
- code: integer
message: string
defaultMaxPodsPerNode: integer
externalLoadBalancerIpv4AddressPools:
- string
fleet:
membership: string
projectRef:
external: string
name: string
namespace: string
location: string
maintenancePolicy:
window:
recurringWindow:
recurrence: string
window:
endTime: string
startTime: string
networking:
clusterIpv4CidrBlocks:
- string
clusterIpv6CidrBlocks:
- string
networkType: string
servicesIpv4CidrBlocks:
- string
servicesIpv6CidrBlocks:
- string
projectRef:
external: string
name: string
namespace: string
releaseChannel: string
resourceID: string
systemAddonsConfig:
ingress:
disabled: boolean
ipv4Vip: string
targetVersion: string
| Fields | |
|---|---|
|
Required |
Immutable. RBAC policy that will be applied and managed by GEC. |
|
Required |
User that will be granted the cluster-admin role on the cluster, providing full access to the cluster. Currently, this is a singular field, but will be expanded to allow multiple admins in the future. |
|
Required |
|
|
Optional |
Allowed value: The `email` field of an `IAMServiceAccount` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
The configuration of the cluster control plane. |
|
Optional |
Immutable. Local control plane configuration. |
|
Optional |
Only machines matching this filter will be allowed to host control
plane nodes. The filtering language accepts strings like "name= |
|
Optional |
The number of nodes to serve as replicas of the Control Plane. Only 1 and 3 are supported. |
|
Optional |
Immutable. Name of the Google Distributed Cloud Edge zones where this node pool will be created. For example: 'us-central1-edge-customer-a'. |
|
Optional |
Policy configuration about how user applications are deployed. Possible values: ["SHARED_DEPLOYMENT_POLICY_UNSPECIFIED", "ALLOWED", "DISALLOWED"]. |
|
Optional |
Immutable. Remote control plane configuration. |
|
Optional |
Immutable. Name of the Google Distributed Cloud Edge zones where this node pool will be created. For example: 'us-central1-edge-customer-a'. |
|
Optional |
Remote control plane disk encryption options. This field is only used when enabling CMEK support. |
|
Optional |
The Cloud KMS CryptoKeyVersion currently in use for protecting control plane disks. Only applicable if kms_key is set. |
|
Optional |
|
|
Optional |
Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then nodes may go offline as they cannot access their local data. This can be caused by a lack of permissions to use the key, or if the key is disabled or deleted. |
|
Optional |
Error status returned by Cloud KMS when using this key. This field may be populated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'. If populated, this field contains the error status reported by Cloud KMS. |
|
Optional |
|
|
Optional |
The status code, which should be an enum value of google.rpc.Code. |
|
Optional |
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. |
|
Optional |
The default maximum number of pods per node used if a maximum value is not specified explicitly for a node pool in this cluster. If unspecified, the Kubernetes default value will be used. |
|
Optional |
Address pools for cluster data plane external load balancing. |
|
Optional |
|
|
Required |
Immutable. Fleet related configuration. Fleets are a Google Cloud concept for logically organizing clusters, letting you use and manage multi-cluster capabilities and apply consistent policies across your systems. |
|
Optional |
The name of the managed Hub Membership resource associated to this cluster.
Membership names are formatted as
'projects/ |
|
Required |
The number of the Fleet host project where this cluster will be registered. |
|
Optional |
Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Required |
Immutable. The location of the resource. |
|
Optional |
Cluster-wide maintenance policy configuration. |
|
Required* |
Specifies the maintenance window in which maintenance may be performed. |
|
Required* |
Represents an arbitrary window of time that recurs. |
|
Optional |
An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window recurs. They go on for the span of time between the start and end time. |
|
Optional |
Represents an arbitrary window of time. |
|
Optional |
The time that the window ends. The end time must take place after the start time. |
|
Optional |
The time that the window first starts. |
|
Required |
Fleet related configuration. Fleets are a Google Cloud concept for logically organizing clusters, letting you use and manage multi-cluster capabilities and apply consistent policies across your systems. |
|
Required |
Immutable. All pods in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. |
|
Required |
|
|
Optional |
Immutable. If specified, dual stack mode is enabled and all pods in the cluster are assigned an IPv6 address from these blocks alongside from an IPv4 address. Only a single block is supported. This field cannot be changed after creation. |
|
Optional |
|
|
Optional |
IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6. |
|
Required |
Immutable. All services in the cluster are assigned an RFC1918 IPv4 address from these blocks. Only a single block is supported. This field cannot be changed after creation. |
|
Required |
|
|
Optional |
Immutable. If specified, dual stack mode is enabled and all services in the cluster are assigned an IPv6 address from these blocks alongside from an IPv4 address. Only a single block is supported. This field cannot be changed after creation. |
|
Optional |
|
|
Required |
The project that this resource belongs to. |
|
Optional |
Allowed value: The `name` field of a `Project` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
The release channel a cluster is subscribed to. Possible values: ["RELEASE_CHANNEL_UNSPECIFIED", "NONE", "REGULAR"]. |
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Optional |
Config that customers are allowed to define for GDCE system add-ons. |
|
Optional |
Config for the Ingress add-on which allows customers to create an Ingress object to manage external access to the servers in a cluster. The add-on consists of istiod and istio-ingress. |
|
Optional |
Whether Ingress is disabled. |
|
Optional |
Ingress VIP. |
|
Optional |
The target cluster version. For example: "1.5.0". |
* Field is required when parent field is specified
Status
Schema
clusterCaCertificate: string
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
controlPlaneVersion: string
createTime: string
endpoint: string
maintenanceEvents:
- createTime: string
endTime: string
operation: string
schedule: string
startTime: string
state: string
targetVersion: string
type: string
updateTime: string
uuid: string
nodeVersion: string
observedGeneration: integer
port: integer
status: string
updateTime: string
| Fields | |
|---|---|
clusterCaCertificate |
The PEM-encoded public certificate of the cluster's CA. |
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
controlPlaneVersion |
The control plane release version. |
createTime |
The time the cluster was created, in RFC3339 text format. |
endpoint |
The IP address of the Kubernetes API server. |
maintenanceEvents |
All the maintenance events scheduled for the cluster, including the ones ongoing, planned for the future and done in the past (up to 90 days). |
maintenanceEvents[] |
|
maintenanceEvents[].createTime |
The time when the maintenance event request was created. |
maintenanceEvents[].endTime |
The time when the maintenance event ended, either successfully or not. If the maintenance event is split into multiple maintenance windows, end_time is only updated when the whole flow ends. |
maintenanceEvents[].operation |
The operation for running the maintenance event. Specified in the format projects/*/locations/*/operations/*. If the maintenance event is split into multiple operations (e.g. due to maintenance windows), the latest one is recorded. |
maintenanceEvents[].schedule |
The schedule of the maintenance event. |
maintenanceEvents[].startTime |
The time when the maintenance event started. |
maintenanceEvents[].state |
Indicates the maintenance event state. |
maintenanceEvents[].targetVersion |
The target version of the cluster. |
maintenanceEvents[].type |
Indicates the maintenance event type. |
maintenanceEvents[].updateTime |
The time when the maintenance event message was updated. |
maintenanceEvents[].uuid |
UUID of the maintenance event. |
nodeVersion |
The lowest release version among all worker nodes. This field can be empty if the cluster does not have any worker nodes. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
port |
The port number of the Kubernetes API server. |
status |
Indicates the status of the cluster. |
updateTime |
The time the cluster was last updated, in RFC3339 text format. |
Sample YAML(s)
Edgecontainercluster Local Control Plane
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: edgecontainer.cnrm.cloud.google.com/v1beta1
kind: EdgeContainerCluster
metadata:
name: edgecontainercluster-local-control-plane-sample
labels:
label-one: "value-one"
spec:
projectRef:
# Replace ${PROJECT_ID?} with your Google Cloud project id
external: ${PROJECT_ID?}
location: us-central1
networking:
clusterIpv4CidrBlocks: ["10.0.0.0/16"]
servicesIpv4CidrBlocks: ["10.1.0.0/16"]
fleet:
projectRef:
# Replace ${PROJECT_NUMBER?} with your Google Cloud project number
external: projects/${PROJECT_NUMBER?}
authorization:
adminUsers:
usernameRef:
# Replace ${CLUSTER_ADMIN_ACCOUNT?} with your user account or service account
external: ${CLUSTER_ADMIN_ACCOUNT?}
controlPlane:
local:
nodeCount: 1
# Replace ${NODE_LOCATION?} with the machine zone location
nodeLocation: ${NODE_LOCATION?}
sharedDeploymentPolicy: ALLOWED
# Replace ${EXTERNAL_LOAD_BALANCER_IPV4_CIDR?} with cluster external load balancer IPV4 CIDR
externalLoadBalancerIpv4AddressPools:
- ${EXTERNAL_LOAD_BALANCER_IPV4_CIDR?}
Edgecontainercluster Remote Control Plane
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: edgecontainer.cnrm.cloud.google.com/v1beta1
kind: EdgeContainerCluster
metadata:
name: edgecontainercluster-remote-control-plane-sample
labels:
label-one: "value-one"
spec:
projectRef:
# Replace ${PROJECT_ID?} with your Google Cloud project id
external: ${PROJECT_ID?}
location: us-central1
networking:
clusterIpv4CidrBlocks: ["10.0.0.0/16"]
servicesIpv4CidrBlocks: ["10.1.0.0/16"]
fleet:
projectRef:
# Replace ${PROJECT_NUMBER?} with your Google Cloud project number
external: projects/${PROJECT_NUMBER?}
authorization:
adminUsers:
usernameRef:
# Replace ${CLUSTER_ADMIN_ACCOUNT?} with your user account or service account
external: ${CLUSTER_ADMIN_ACCOUNT?}
maintenancePolicy:
window:
recurringWindow:
window:
startTime: "2023-01-01T08:00:00Z"
endTime: "2023-01-01T17:00:00Z"
recurrence: "FREQ=WEEKLY;BYDAY=SA"