This page shows you how to use Organization Policy Service custom constraints to restrict specific operations on the following Google Cloud resources:
- gkeonprem.googleapis.com/BareMetalAdminCluster
- gkeonprem.googleapis.com/BareMetalCluster
- gkeonprem.googleapis.com/BareMetalNodePool
- gkeonprem.googleapis.com/VmwareAdminCluster
- gkeonprem.googleapis.com/VmwareCluster
- gkeonprem.googleapis.com/VmwareNodePool
To learn more about organization policies, see Custom organization policies.
About organization policies and constraints
The Google Cloud Organization Policy Service gives you centralized, programmatic control over your organization's resources. As the organization policy administrator, you can define an organization policy, which is a set of restrictions called constraints that apply to Google Cloud resources and to the descendants of those resources in the Google Cloud resource hierarchy. You can enforce organization policies at the organization, folder, or project level.
Organization Policy provides built-in managed constraints for various Google Cloud services. However, if you want more granular, customizable control over the specific fields that are restricted in your organization policies, you can also create custom constraints and use them in an organization policy.
Policy inheritance
By default, organization policies are inherited by the descendants of the resource on which you enforce the policy. For example, if you enforce a policy on a folder, Google Cloud enforces the policy on all projects in that folder. To learn more about this behavior and how to change it, see Hierarchy evaluation rules.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
  Roles required to select or create a project:
  - Select a project: selecting a project doesn't require a specific IAM role; you can select any project that you've been granted a role on.
  - Create a project: to create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.
- Verify that billing is enabled for your Google Cloud project.
- Install the Google Cloud CLI.
- If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
- To initialize the gcloud CLI, run the following command:
  gcloud init
- Make sure that you know your organization ID.
Required roles

To get the permissions that you need to manage custom organization policies, ask your administrator to grant you the Organization Policy Administrator (roles/orgpolicy.policyAdmin) IAM role on the organization resource. For more information about granting roles, see Manage access to projects, folders, and organizations.

Create a custom constraint

A custom constraint is defined in a YAML file by the resources, methods, conditions, and actions that are supported by the service on which you are enforcing the organization policy. Conditions for custom constraints are written in Common Expression Language (CEL). For more information about building conditions in custom constraints with CEL, see the CEL section of Creating and managing custom constraints.

To create a custom constraint, create a YAML file in the following format:

```yaml
name: organizations/ORGANIZATION_ID/customConstraints/CONSTRAINT_NAME
resourceTypes:
- RESOURCE_NAME
methodTypes:
- CREATE
condition: "CONDITION"
actionType: ACTION
displayName: DISPLAY_NAME
description: DESCRIPTION
```

Replace the following:
- ORGANIZATION_ID: your organization ID, such as 123456789.
- CONSTRAINT_NAME: the name you want for your new custom constraint. A custom constraint must start with custom. and can only include uppercase letters, lowercase letters, or numbers, for example custom.denyHighNumvCPUs. The maximum length of this field is 70 characters.
- RESOURCE_NAME: the fully qualified name of the Google Cloud resource containing the object and field you want to restrict, for example gkeonprem.googleapis.com/VmwareNodePool.
- CONDITION: a CEL condition written against a representation of a supported service resource, for example resource.config.cpus > 4. This field has a maximum length of 1,000 characters. See Supported resources for the resources and fields you can write conditions against.
- ACTION: the action to take when the condition is met. Possible values are ALLOW and DENY. With DENY, a request that satisfies the condition is rejected. With ALLOW, only requests that satisfy the condition are accepted and every other request on the listed resource types and methods is rejected, so the condition must describe what you want to permit.
- DISPLAY_NAME: a human-friendly name for the constraint. This field has a maximum length of 200 characters.
- DESCRIPTION: a human-friendly description of the constraint, shown as the error message when the policy is violated. This field has a maximum length of 2,000 characters.

For more information about how to create a custom constraint, see Defining custom constraints.

Set up the custom constraint

After you have created the YAML file for a new custom constraint, you must set it up so that it is available for organization policies in your organization. To set up a custom constraint, use the gcloud org-policies set-custom-constraint command:

```
gcloud org-policies set-custom-constraint CONSTRAINT_PATH
```

Replace CONSTRAINT_PATH with the full path to your custom constraint file, for example /home/user/customconstraint.yaml. Once completed, your custom constraint appears as an organization policy in your list of Google Cloud organization policies. To verify that the custom constraint exists, use the gcloud org-policies list-custom-constraints command:

```
gcloud org-policies list-custom-constraints --organization=ORGANIZATION_ID
```

Replace ORGANIZATION_ID with the ID of your organization resource. For more information, see Viewing organization policies.

Enforce the custom organization policy

To enforce a constraint, create an organization policy that references it, and then apply that organization policy to a Google Cloud resource.

Console

- In the Google Cloud console, go to the Organization policies page.
- From the project picker, select the project for which you want to set the organization policy.
- From the list on the Organization policies page, select your constraint to view the Policy details page for that constraint.
- To configure the organization policy for this resource, click Manage policy.
- On the Edit policy page, select Override parent's policy.
- Click Add a rule.
- In the Enforcement section, select whether enforcement of this organization policy is on or off.
- Optional: to make the organization policy conditional on a tag, click Add condition. Note that if you add a conditional rule to an organization policy, you must also add at least one unconditional rule, or the policy cannot be saved. For more information, see Setting an organization policy with tags.
- Click Test changes to simulate the effect of the organization policy. Policy simulation is not available for legacy managed constraints. For more information, see Test organization policy changes with Policy Simulator.
- To finish and apply the organization policy, click Set policy. The policy can take up to 15 minutes to take effect.

gcloud

To create an organization policy with boolean rules, create a policy YAML file that references the constraint:

```yaml
name: projects/PROJECT_ID/policies/CONSTRAINT_NAME
spec:
  rules:
  - enforce: true
```

Replace the following:
- PROJECT_ID: the project on which you want to enforce your constraint.
- CONSTRAINT_NAME: the name you defined for your custom constraint, for example custom.denyHighNumvCPUs.

To enforce the organization policy containing the constraint, run the following command:

```
gcloud org-policies set-policy POLICY_PATH
```

Replace POLICY_PATH with the full path to your organization policy YAML file. The policy can take up to 15 minutes to take effect.

Test the custom organization policy

The following example shows how to deny an update to a node pool in a Google Distributed Cloud (software only) for VMware user cluster when the node pool would have more than four vCPUs.

Before you begin, you must know the following:
- your organization ID
- your project ID

Create the constraint

- Save the following file as constraint-node-pool-vcpus.yaml:

```yaml
name: organizations/ORGANIZATION_ID/customConstraints/custom.denyHighNumvCPUs
resourceTypes:
- gkeonprem.googleapis.com/VmwareNodePool
methodTypes:
- CREATE
- UPDATE
condition: resource.config.cpus > 4
actionType: DENY
displayName: Node pool vCPU constraint
description: Node pools must have 4 or fewer vCPUs.
```

This defines a constraint that limits the number of vCPUs in a node pool to 4 or fewer. If the number of vCPUs is greater than 4 when a node pool is created or updated, the operation is denied.

- Apply the constraint:

```
gcloud org-policies set-custom-constraint ~/constraint-node-pool-vcpus.yaml
```

- Verify that the constraint exists:

```
gcloud org-policies list-custom-constraints --organization=ORGANIZATION_ID
```

The output is similar to the following:

```
CUSTOM_CONSTRAINT        ACTION_TYPE  METHOD_TYPES  RESOURCE_TYPES                           DISPLAY_NAME
custom.denyHighNumvCPUs  DENY         CREATE        gkeonprem.googleapis.com/VmwareNodePool  Node pool vCPU constraint
...
```

Create the policy

- Save the following file as policy-deny-node-pool-high-vcpus.yaml:

```yaml
name: projects/PROJECT_ID/policies/custom.denyHighNumvCPUs
spec:
  rules:
  - enforce: true
```

Replace PROJECT_ID with your project ID.

- Apply the policy:

```
gcloud org-policies set-policy ~/policy-deny-node-pool-high-vcpus.yaml
```

- Verify that the policy exists:

```
gcloud org-policies list --project=PROJECT_ID
```

The output is similar to the following:

```
CONSTRAINT               LIST_POLICY  BOOLEAN_POLICY  ETAG
custom.denyHighNumvCPUs  -            SET             COCsm5QGENiXi2E=
```

After applying the policy, wait about 15 minutes for Google Cloud to start enforcing it.

Test the policy

- Optional: list the user clusters to get the cluster name and region:

```
gcloud container vmware clusters list \
    --project=PROJECT_ID \
    --location=-
```

Setting --location=- lists all user clusters in all regions. If you need to narrow the list, set --location to the region that you specified when you created the cluster or enrolled it in the GKE On-Prem API.

- Optional: list the node pools to get the name of the node pool that you want to update:

```
gcloud container vmware node-pools list \
    --cluster=USER_CLUSTER_NAME \
    --project=PROJECT_ID \
    --location=REGION
```

Replace the following:
- USER_CLUSTER_NAME: the name of the user cluster that contains the node pool.
- REGION: the Google Cloud region associated with the user cluster.

- Try to update the node pool in a way that violates the policy. Run the following command to set the number of vCPUs to 6:

```
gcloud container vmware node-pools update NODE_POOL_NAME \
    --cluster=USER_CLUSTER_NAME \
    --project=PROJECT_ID \
    --location=REGION \
    --cpus=6
```

Replace NODE_POOL_NAME with the name of the node pool.

The operation is denied. The output looks like the following:

```
Operation denied by custom org policy on resource 'projects/PROJECT_ID/locations/REGION/entryGroups/org-policy-test': ["customConstraints/custom.denyHighNumvCPUs"]
```
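The test above exercises only the denied path. The following simulator is an added example, not Google Cloud's evaluator and not code from this page: it implements just the three CEL shapes the page's constraints use (a comparison against a number or string, a `.startsWith("...")` call, and `"key" in <map>`), treats an unset field as not matching, and shows how the same condition behaves under actionType DENY versus ALLOW and why a constraint is only consulted for the methodTypes it lists. The request bodies (`POOL_6_CPU`, `CLUSTER_129`, and so on) are constructed samples; the constraints are the ones from this page reduced to the keys the simulator reads.

```python
"""Simulate how a custom constraint decides a GKE On-Prem API request.

Added example, not Google Cloud's evaluator. Supports only the CEL subset
used by the constraints on this page. Request bodies are constructed.
"""
import operator
import re

PATH = r"resource(?:\.\w+)+"
CMP_RE = re.compile(rf'^({PATH})\s*(>=|<=|==|!=|>|<)\s*("[^"]*"|-?\d+)$')
STARTS_RE = re.compile(rf'^({PATH})\.startsWith\("([^"]*)"\)$')
IN_RE = re.compile(rf'^"([^"]*)"\s+in\s+({PATH})$')
OPS = {">": operator.gt, "<": operator.lt, ">=": operator.ge,
       "<=": operator.le, "==": operator.eq, "!=": operator.ne}


def lookup(resource, path):
    """Walk resource.a.b.c through nested dicts; None if any segment is unset."""
    node = resource
    for part in path.split(".")[1:]:
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def evaluate(condition, resource):
    """Evaluate the page's CEL subset against a request body (a dict)."""
    cond = condition.strip()
    if m := CMP_RE.match(cond):
        path, op, lit = m.groups()
        value = lookup(resource, path)
        rhs = lit[1:-1] if lit.startswith('"') else int(lit)
        return value is not None and OPS[op](value, rhs)
    if m := STARTS_RE.match(cond):
        value = lookup(resource, m.group(1))
        return isinstance(value, str) and value.startswith(m.group(2))
    if m := IN_RE.match(cond):
        container = lookup(resource, m.group(2))
        return container is not None and m.group(1) in container
    raise ValueError(f"unsupported expression: {condition}")


def decide(constraint, method, resource):
    """Return 'ALLOW' or 'DENY' for one request under one custom constraint.

    A constraint only applies to the methodTypes it lists. With actionType
    DENY the request is rejected when the condition is true; with actionType
    ALLOW it is rejected when the condition is false.
    """
    if method not in constraint["methodTypes"]:
        return "ALLOW"
    matched = evaluate(constraint["condition"], resource)
    if constraint["actionType"] == "DENY":
        return "DENY" if matched else "ALLOW"
    return "ALLOW" if matched else "DENY"


# The three constraints from this page, reduced to the keys the simulator reads.
DENY_HIGH_VCPUS = {"methodTypes": ["CREATE", "UPDATE"],
                   "condition": "resource.config.cpus > 4", "actionType": "DENY"}
DENY_VERSION = {"methodTypes": ["CREATE", "UPDATE"],
                "condition": 'resource.bareMetalVersion.startsWith("1.29")', "actionType": "DENY"}
ALLOW_ANNOTATION = {"methodTypes": ["CREATE", "UPDATE"],
                    "condition": '"allowKey" in resource.annotations', "actionType": "ALLOW"}

# Constructed request bodies (not real cluster data).
POOL_6_CPU = {"name": "pool-1", "config": {"cpus": 6, "memoryMb": 8192}}
POOL_4_CPU = {"name": "pool-1", "config": {"cpus": 4, "memoryMb": 8192}}
CLUSTER_129 = {"bareMetalVersion": "1.29.100-gke.251"}
ADMIN_TAGGED = {"annotations": {"allowKey": "yes"}}
ADMIN_UNTAGGED = {"annotations": {}}

if __name__ == "__main__":
    print("update pool to 6 vCPUs:", decide(DENY_HIGH_VCPUS, "UPDATE", POOL_6_CPU))
    print("update pool to 4 vCPUs:", decide(DENY_HIGH_VCPUS, "UPDATE", POOL_4_CPU))
    print("create 1.29 cluster:   ", decide(DENY_VERSION, "CREATE", CLUSTER_129))
    print("tagged admin cluster:  ", decide(ALLOW_ANNOTATION, "CREATE", ADMIN_TAGGED))
    print("untagged admin cluster:", decide(ALLOW_ANNOTATION, "CREATE", ADMIN_UNTAGGED))
```

The last two calls are the point of the ALLOW example: an admin cluster request without the annotation is denied even though nothing on it "matches", which is the behaviour you want from an allow-list and the one that surprises people who expected ALLOW to be a no-op.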
Example custom organization policies for common use cases

The following examples show the syntax of some custom constraints for common use cases.

Deny a version. Rejects creating or updating a bare metal user cluster whose version starts with 1.29:

```yaml
name: organizations/ORGANIZATION_ID/customConstraints/custom.VersionDeny
resourceTypes:
- gkeonprem.googleapis.com/BareMetalCluster
methodTypes:
- CREATE
- UPDATE
condition: resource.bareMetalVersion.startsWith("1.29")
actionType: DENY
displayName: Bare metal user cluster version denied
description: The bare metal user cluster version is no longer supported
```

Allow only if a key is present. Because actionType is ALLOW, a bare metal admin cluster can be created or updated only when its annotations contain the allowKey key; requests without that key are denied:

```yaml
name: organizations/ORGANIZATION_ID/customConstraints/custom.AllowAnnotation
resourceTypes:
- gkeonprem.googleapis.com/BareMetalAdminCluster
methodTypes:
- CREATE
- UPDATE
condition: '"allowKey" in resource.annotations'
actionType: ALLOW
displayName: Bare metal admin cluster annotation keys allowed
description: Annotation keys are allowed on bare metal admin clusters
```
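Both the format described under "Create a custom constraint" and the examples above are easy to get subtly wrong (a hyphen in the name, a misspelled field, an actionType that is neither ALLOW nor DENY), and `gcloud org-policies set-custom-constraint` only tells you at submission time. The following linter is an added example, not Google Cloud tooling and not code from this page: it checks a constraint against the limits the page states and against the field names the page lists, before anything is submitted. The constraint is passed as a dict with the same keys as the YAML file (in practice load the file with `yaml.safe_load`; PyYAML is left out so the block runs stand-alone). `SUPPORTED_FIELDS` is a hand-copied subset of the page's "Supported resources" table, complete for VmwareNodePool only, and `METHOD_TYPES` is limited to the two method types the page uses; extend both from the page as needed.

```python
"""Pre-flight linter for a GKE On-Prem custom constraint definition.

Added example, not Google Cloud tooling. Limits come from this page;
SUPPORTED_FIELDS is a subset of the page's "Supported resources" table.
"""
import re

# name must be organizations/<id>/customConstraints/custom.<letters or digits>
NAME_RE = re.compile(r"^organizations/[^/]+/customConstraints/(custom\.[A-Za-z0-9]+)$")
# resource.<segment>.<segment>... as it appears inside a CEL condition
PATH_RE = re.compile(r"\bresource(?:\.[A-Za-z0-9_]+)+")

# Maximum lengths stated on the page.
MAX_LEN = {"constraint_name": 70, "condition": 1000, "displayName": 200, "description": 2000}
METHOD_TYPES = {"CREATE", "UPDATE"}   # the method types this page uses
ACTION_TYPES = {"ALLOW", "DENY"}

SUPPORTED_FIELDS = {
    # Complete list for this resource, copied from the page's table.
    "gkeonprem.googleapis.com/VmwareNodePool": {
        "resource.annotations", "resource.config.bootDiskSizeGb", "resource.config.cpus",
        "resource.config.enableLoadBalancer", "resource.config.image", "resource.config.imageType",
        "resource.config.memoryMb", "resource.config.replicas", "resource.config.taints.effect",
        "resource.config.taints.key", "resource.config.taints.value",
        "resource.config.vsphereConfig.datastore", "resource.config.vsphereConfig.hostGroups",
        "resource.config.vsphereConfig.tags.category", "resource.config.vsphereConfig.tags.tag",
        "resource.displayName", "resource.name", "resource.nodePoolAutoscaling.maxReplicas",
        "resource.nodePoolAutoscaling.minReplicas", "resource.onPremVersion",
    },
    # Subsets only; see the page's table for the full lists.
    "gkeonprem.googleapis.com/BareMetalCluster": {
        "resource.annotations", "resource.bareMetalVersion",
        "resource.binaryAuthorization.evaluationMode", "resource.nodeConfig.containerRuntime",
        "resource.proxy.uri", "resource.upgradePolicy.policy",
    },
    "gkeonprem.googleapis.com/BareMetalAdminCluster": {
        "resource.annotations", "resource.bareMetalVersion", "resource.proxy.uri",
    },
}


def field_paths(condition):
    """Return the resource.* paths a condition references.

    A trailing segment immediately followed by '(' is a CEL method call such
    as .startsWith(...), not a field, so that segment is dropped.
    """
    paths = set()
    for m in PATH_RE.finditer(condition):
        path = m.group(0)
        if condition[m.end():m.end() + 1] == "(":
            path = path.rsplit(".", 1)[0]
        paths.add(path)
    return paths


def lint_constraint(c):
    """Return a list of problems with constraint dict c; [] means it passes."""
    problems = []
    m = NAME_RE.match(c.get("name", ""))
    if m is None:
        problems.append("name must be organizations/ORG_ID/customConstraints/custom.<letters/digits only>")
    elif len(m.group(1)) > MAX_LEN["constraint_name"]:
        problems.append(f"constraint name longer than {MAX_LEN['constraint_name']} characters")
    for key in ("condition", "displayName", "description"):
        if len(c.get(key, "")) > MAX_LEN[key]:
            problems.append(f"{key} longer than {MAX_LEN[key]} characters")
    if c.get("actionType") not in ACTION_TYPES:
        problems.append("actionType must be ALLOW or DENY")
    for mt in c.get("methodTypes", []):
        if mt not in METHOD_TYPES:
            problems.append(f"unexpected methodType {mt}")
    types = c.get("resourceTypes", [])
    if not types:
        problems.append("resourceTypes is empty")
    for rt in types:
        if rt not in SUPPORTED_FIELDS:
            problems.append(f"unsupported resourceType {rt}")
            continue
        # Every field the condition touches must exist on every listed resource type.
        for path in sorted(field_paths(c.get("condition", ""))):
            if path not in SUPPORTED_FIELDS[rt]:
                problems.append(f"{path} is not a supported field of {rt}")
    return problems


# Constructed inputs: the page's vCPU constraint, and a broken variant of it.
GOOD = {
    "name": "organizations/123456789/customConstraints/custom.denyHighNumvCPUs",
    "resourceTypes": ["gkeonprem.googleapis.com/VmwareNodePool"],
    "methodTypes": ["CREATE", "UPDATE"],
    "condition": "resource.config.cpus > 4",
    "actionType": "DENY",
    "displayName": "Node pool vCPU constraint",
    "description": "Node pools must have 4 or fewer vCPUs.",
}
BAD = dict(GOOD, name="organizations/123456789/customConstraints/custom.deny-high-vcpus",
           condition="resource.config.cpu > 4", actionType="BLOCK")

if __name__ == "__main__":
    for label, constraint in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_constraint(constraint) or "ok")
```

The field check is the one worth keeping: a misspelled path such as resource.config.cpu is still a syntactically valid CEL expression, so catching it against the page's table before submission is cheaper than discovering it when the policy never fires.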
GKE On-Prem API supported resources

The following table lists the GKE On-Prem API resources and fields that you can reference in custom constraints.

| Resource | Field |
|---|---|
| gkeonprem.googleapis.com/BareMetalAdminCluster | resource.annotations |
| | resource.bareMetalVersion |
| | resource.binaryAuthorization.evaluationMode |
| | resource.clusterOperations.enableApplicationLogs |
| | resource.controlPlane.apiServerArgs.argument |
| | resource.controlPlane.apiServerArgs.value |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.kubeletConfig.registryBurst |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.kubeletConfig.registryPullQps |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.kubeletConfig.serializeImagePullsDisabled |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.nodeConfigs.nodeIp |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.operatingSystem |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.taints.effect |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.taints.key |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.taints.value |
| | resource.description |
| | resource.loadBalancer.manualLbConfig.enabled |
| | resource.loadBalancer.portConfig.controlPlaneLoadBalancerPort |
| | resource.loadBalancer.vipConfig.controlPlaneVip |
| | resource.maintenanceConfig.maintenanceAddressCidrBlocks |
| | resource.name |
| | resource.networkConfig.islandModeCidr.podAddressCidrBlocks |
| | resource.networkConfig.islandModeCidr.serviceAddressCidrBlocks |
| | resource.nodeAccessConfig.loginUser |
| | resource.nodeConfig.maxPodsPerNode |
| | resource.osEnvironmentConfig.packageRepoExcluded |
| | resource.proxy.noProxy |
| | resource.proxy.uri |
| | resource.securityConfig.authorization.adminUsers.username |
| | resource.storage.lvpNodeMountsConfig.path |
| | resource.storage.lvpNodeMountsConfig.storageClass |
| | resource.storage.lvpShareConfig.lvpConfig.path |
| | resource.storage.lvpShareConfig.lvpConfig.storageClass |
| | resource.storage.lvpShareConfig.sharedPathPvCount |
| gkeonprem.googleapis.com/BareMetalCluster | resource.adminClusterMembership |
| | resource.annotations |
| | resource.bareMetalVersion |
| | resource.binaryAuthorization.evaluationMode |
| | resource.clusterOperations.enableApplicationLogs |
| | resource.controlPlane.apiServerArgs.argument |
| | resource.controlPlane.apiServerArgs.value |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.kubeletConfig.registryBurst |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.kubeletConfig.registryPullQps |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.kubeletConfig.serializeImagePullsDisabled |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.nodeConfigs.nodeIp |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.operatingSystem |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.taints.effect |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.taints.key |
| | resource.controlPlane.controlPlaneNodePoolConfig.nodePoolConfig.taints.value |
| | resource.description |
| | resource.loadBalancer.bgpLbConfig.addressPools.addresses |
| | resource.loadBalancer.bgpLbConfig.addressPools.avoidBuggyIps |
| | resource.loadBalancer.bgpLbConfig.addressPools.manualAssign |
| | resource.loadBalancer.bgpLbConfig.addressPools.pool |
| | resource.loadBalancer.bgpLbConfig.asn |
| | resource.loadBalancer.bgpLbConfig.bgpPeerConfigs.asn |
| | resource.loadBalancer.bgpLbConfig.bgpPeerConfigs.controlPlaneNodes |
| | resource.loadBalancer.bgpLbConfig.bgpPeerConfigs.ipAddress |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.kubeletConfig.registryBurst |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.kubeletConfig.registryPullQps |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.kubeletConfig.serializeImagePullsDisabled |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.nodeConfigs.nodeIp |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.operatingSystem |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.taints.effect |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.taints.key |
| | resource.loadBalancer.bgpLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.taints.value |
| | resource.loadBalancer.manualLbConfig.enabled |
| | resource.loadBalancer.metalLbConfig.addressPools.addresses |
| | resource.loadBalancer.metalLbConfig.addressPools.avoidBuggyIps |
| | resource.loadBalancer.metalLbConfig.addressPools.manualAssign |
| | resource.loadBalancer.metalLbConfig.addressPools.pool |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.kubeletConfig.registryBurst |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.kubeletConfig.registryPullQps |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.kubeletConfig.serializeImagePullsDisabled |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.nodeConfigs.nodeIp |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.operatingSystem |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.taints.effect |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.taints.key |
| | resource.loadBalancer.metalLbConfig.loadBalancerNodePoolConfig.nodePoolConfig.taints.value |
| | resource.loadBalancer.portConfig.controlPlaneLoadBalancerPort |
| | resource.loadBalancer.vipConfig.controlPlaneVip |
| | resource.loadBalancer.vipConfig.ingressVip |
| | resource.maintenanceConfig.maintenanceAddressCidrBlocks |
| | resource.name |
| | resource.networkConfig.advancedNetworking |
| | resource.networkConfig.islandModeCidr.podAddressCidrBlocks |
| | resource.networkConfig.islandModeCidr.serviceAddressCidrBlocks |
| | resource.networkConfig.multipleNetworkInterfacesConfig.enabled |
| | resource.networkConfig.srIovConfig.enabled |
| | resource.nodeAccessConfig.loginUser |
| | resource.nodeConfig.containerRuntime |
| | resource.nodeConfig.maxPodsPerNode |
| | resource.osEnvironmentConfig.packageRepoExcluded |
| | resource.proxy.noProxy |
| | resource.proxy.uri |
| | resource.securityConfig.authorization.adminUsers.username |
| | resource.storage.lvpNodeMountsConfig.path |
| | resource.storage.lvpNodeMountsConfig.storageClass |
| | resource.storage.lvpShareConfig.lvpConfig.path |
| | resource.storage.lvpShareConfig.lvpConfig.storageClass |
| | resource.storage.lvpShareConfig.sharedPathPvCount |
| | resource.upgradePolicy.policy |
| gkeonprem.googleapis.com/BareMetalNodePool | resource.annotations |
| | resource.displayName |
| | resource.name |
| | resource.nodePoolConfig.kubeletConfig.registryBurst |
| | resource.nodePoolConfig.kubeletConfig.registryPullQps |
| | resource.nodePoolConfig.kubeletConfig.serializeImagePullsDisabled |
| | resource.nodePoolConfig.nodeConfigs.nodeIp |
| | resource.nodePoolConfig.operatingSystem |
| | resource.nodePoolConfig.taints.effect |
| | resource.nodePoolConfig.taints.key |
| | resource.nodePoolConfig.taints.value |
| | resource.upgradePolicy.parallelUpgradeConfig.concurrentNodes |
| | resource.upgradePolicy.parallelUpgradeConfig.minimumAvailableNodes |
| gkeonprem.googleapis.com/VmwareAdminCluster | resource.addonNode.autoResizeConfig.enabled |
| | resource.annotations |
| | resource.antiAffinityGroups.aagConfigDisabled |
| | resource.authorization.viewerUsers.username |
| | resource.autoRepairConfig.enabled |
| | resource.bootstrapClusterMembership |
| | resource.controlPlaneNode.cpus |
| | resource.controlPlaneNode.memory |
| | resource.controlPlaneNode.replicas |
| | resource.description |
| | resource.enableAdvancedCluster |
| | resource.imageType |
| | resource.loadBalancer.f5Config.address |
| | resource.loadBalancer.f5Config.partition |
| | resource.loadBalancer.f5Config.snatPool |
| | resource.loadBalancer.manualLbConfig.addonsNodePort |
| | resource.loadBalancer.manualLbConfig.controlPlaneNodePort |
| | resource.loadBalancer.manualLbConfig.ingressHttpNodePort |
| | resource.loadBalancer.manualLbConfig.ingressHttpsNodePort |
| | resource.loadBalancer.manualLbConfig.konnectivityServerNodePort |
| | resource.loadBalancer.metalLbConfig.enabled |
| | resource.loadBalancer.vipConfig.addonsVip |
| | resource.loadBalancer.vipConfig.controlPlaneVip |
| | resource.name |
| | resource.networkConfig.dhcpIpConfig.enabled |
| | resource.networkConfig.haControlPlaneConfig.controlPlaneIpBlock.gateway |
| | resource.networkConfig.haControlPlaneConfig.controlPlaneIpBlock.ips.hostname |
| | resource.networkConfig.haControlPlaneConfig.controlPlaneIpBlock.ips.ip |
| | resource.networkConfig.haControlPlaneConfig.controlPlaneIpBlock.netmask |
| | resource.networkConfig.hostConfig.dnsSearchDomains |
| | resource.networkConfig.hostConfig.dnsServers |
| | resource.networkConfig.hostConfig.ntpServers |
| | resource.networkConfig.podAddressCidrBlocks |
| | resource.networkConfig.serviceAddressCidrBlocks |
| | resource.networkConfig.staticIpConfig.ipBlocks.gateway |
| | resource.networkConfig.staticIpConfig.ipBlocks.ips.hostname |
| | resource.networkConfig.staticIpConfig.ipBlocks.ips.ip |
| | resource.networkConfig.staticIpConfig.ipBlocks.netmask |
| | resource.networkConfig.vcenterNetwork |
| | resource.onPremVersion |
| | resource.platformConfig.requiredPlatformVersion |
| | resource.vcenter.address |
| | resource.vcenter.caCertData |
| | resource.vcenter.cluster |
| | resource.vcenter.datacenter |
| | resource.vcenter.dataDisk |
| | resource.vcenter.datastore |
| | resource.vcenter.folder |
| | resource.vcenter.resourcePool |
| | resource.vcenter.storagePolicyName |
| gkeonprem.googleapis.com/VmwareCluster | resource.adminClusterMembership |
| | resource.annotations |
| | resource.antiAffinityGroups.aagConfigDisabled |
| | resource.authorization.adminUsers.username |
| | resource.autoRepairConfig.enabled |
| | resource.binaryAuthorization.evaluationMode |
| | resource.controlPlaneNode.autoResizeConfig.enabled |
| | resource.controlPlaneNode.cpus |
| | resource.controlPlaneNode.memory |
| | resource.controlPlaneNode.replicas |
| | resource.controlPlaneNode.vsphereConfig.datastore |
| | resource.controlPlaneNode.vsphereConfig.storagePolicyName |
| | resource.dataplaneV2.advancedNetworking |
| | resource.dataplaneV2.dataplaneV2Enabled |
| | resource.dataplaneV2.forwardMode |
| | resource.dataplaneV2.windowsDataplaneV2Enabled |
| | resource.description |
| | resource.disableBundledIngress |
| | resource.enableAdvancedCluster |
| | resource.enableControlPlaneV2 |
| | resource.loadBalancer.f5Config.address |
| | resource.loadBalancer.f5Config.partition |
| | resource.loadBalancer.f5Config.snatPool |
| | resource.loadBalancer.manualLbConfig.controlPlaneNodePort |
| | resource.loadBalancer.manualLbConfig.ingressHttpNodePort |
| | resource.loadBalancer.manualLbConfig.ingressHttpsNodePort |
| | resource.loadBalancer.manualLbConfig.konnectivityServerNodePort |
| | resource.loadBalancer.metalLbConfig.addressPools.addresses |
| | resource.loadBalancer.metalLbConfig.addressPools.avoidBuggyIps |
| | resource.loadBalancer.metalLbConfig.addressPools.manualAssign |
| | resource.loadBalancer.metalLbConfig.addressPools.pool |
| | resource.loadBalancer.vipConfig.controlPlaneVip |
| | resource.loadBalancer.vipConfig.ingressVip |
| | resource.name |
| | resource.networkConfig.controlPlaneV2Config.controlPlaneIpBlock.gateway |
| | resource.networkConfig.controlPlaneV2Config.controlPlaneIpBlock.ips.hostname |
| | resource.networkConfig.controlPlaneV2Config.controlPlaneIpBlock.ips.ip |
| | resource.networkConfig.controlPlaneV2Config.controlPlaneIpBlock.netmask |
| | resource.networkConfig.dhcpIpConfig.enabled |
| | resource.networkConfig.hostConfig.dnsSearchDomains |
| | resource.networkConfig.hostConfig.dnsServers |
| | resource.networkConfig.hostConfig.ntpServers |
| | resource.networkConfig.podAddressCidrBlocks |
| | resource.networkConfig.serviceAddressCidrBlocks |
| | resource.networkConfig.staticIpConfig.ipBlocks.gateway |
| | resource.networkConfig.staticIpConfig.ipBlocks.ips.hostname |
| | resource.networkConfig.staticIpConfig.ipBlocks.ips.ip |
| | resource.networkConfig.staticIpConfig.ipBlocks.netmask |
| | resource.networkConfig.vcenterNetwork |
| | resource.onPremVersion |
| | resource.storage.vsphereCsiDisabled |
| | resource.upgradePolicy.controlPlaneOnly |
| | resource.vcenter.caCertData |
| | resource.vcenter.cluster |
| | resource.vcenter.datacenter |
| | resource.vcenter.datastore |
| | resource.vcenter.folder |
| | resource.vcenter.resourcePool |
| | resource.vcenter.storagePolicyName |
| | resource.vmTrackingEnabled |
| gkeonprem.googleapis.com/VmwareNodePool | resource.annotations |
| | resource.config.bootDiskSizeGb |
| | resource.config.cpus |
| | resource.config.enableLoadBalancer |
| | resource.config.image |
| | resource.config.imageType |
| | resource.config.memoryMb |
| | resource.config.replicas |
| | resource.config.taints.effect |
| | resource.config.taints.key |
| | resource.config.taints.value |
| | resource.config.vsphereConfig.datastore |
| | resource.config.vsphereConfig.hostGroups |
| | resource.config.vsphereConfig.tags.category |
| | resource.config.vsphereConfig.tags.tag |
| | resource.displayName |
| | resource.name |
| | resource.nodePoolAutoscaling.maxReplicas |
| | resource.nodePoolAutoscaling.minReplicas |
| | resource.onPremVersion |