REST Resource: projects.locations.clusters

Resource: Cluster

A Google Kubernetes Engine cluster.

JSON representation
{
  "name": string,
  "description": string,
  "initialNodeCount": number,
  "nodeConfig": {
    object (NodeConfig)
  },
  "masterAuth": {
    object (MasterAuth)
  },
  "loggingService": string,
  "monitoringService": string,
  "network": string,
  "clusterIpv4Cidr": string,
  "addonsConfig": {
    object (AddonsConfig)
  },
  "subnetwork": string,
  "nodePools": [
    {
      object (NodePool)
    }
  ],
  "locations": [
    string
  ],
  "enableKubernetesAlpha": boolean,
  "resourceLabels": {
    string: string,
    ...
  },
  "labelFingerprint": string,
  "legacyAbac": {
    object (LegacyAbac)
  },
  "networkPolicy": {
    object (NetworkPolicy)
  },
  "ipAllocationPolicy": {
    object (IPAllocationPolicy)
  },
  "masterAuthorizedNetworksConfig": {
    object (MasterAuthorizedNetworksConfig)
  },
  "maintenancePolicy": {
    object (MaintenancePolicy)
  },
  "binaryAuthorization": {
    object (BinaryAuthorization)
  },
  "podSecurityPolicyConfig": {
    object (PodSecurityPolicyConfig)
  },
  "autoscaling": {
    object (ClusterAutoscaling)
  },
  "networkConfig": {
    object (NetworkConfig)
  },
  "privateCluster": boolean,
  "masterIpv4CidrBlock": string,
  "defaultMaxPodsConstraint": {
    object (MaxPodsConstraint)
  },
  "resourceUsageExportConfig": {
    object (ResourceUsageExportConfig)
  },
  "authenticatorGroupsConfig": {
    object (AuthenticatorGroupsConfig)
  },
  "privateClusterConfig": {
    object (PrivateClusterConfig)
  },
  "verticalPodAutoscaling": {
    object (VerticalPodAutoscaling)
  },
  "shieldedNodes": {
    object (ShieldedNodes)
  },
  "releaseChannel": {
    object (ReleaseChannel)
  },
  "tierSettings": {
    object (TierSettings)
  },
  "workloadIdentityConfig": {
    object (WorkloadIdentityConfig)
  },
  "selfLink": string,
  "zone": string,
  "endpoint": string,
  "initialClusterVersion": string,
  "currentMasterVersion": string,
  "currentNodeVersion": string,
  "createTime": string,
  "status": enum (Status),
  "statusMessage": string,
  "nodeIpv4CidrSize": number,
  "servicesIpv4Cidr": string,
  "instanceGroupUrls": [
    string
  ],
  "currentNodeCount": number,
  "expireTime": string,
  "location": string,
  "enableTpu": boolean,
  "tpuIpv4CidrBlock": string,
  "databaseEncryption": {
    object (DatabaseEncryption)
  },
  "conditions": [
    {
      object (StatusCondition)
    }
  ]
}
Fields
name

string

The name of this cluster. The name must be unique within this project and zone, and can be up to 40 characters with the following restrictions:

  • Lowercase letters, numbers, and hyphens only.
  • Must start with a letter.
  • Must end with a number or a letter.

description

string

An optional description of this cluster.

initialNodeCount
(deprecated)

number

The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "nodeConfig") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time.

This field is deprecated, use nodePool.initial_node_count instead.

nodeConfig
(deprecated)

object (NodeConfig)

Parameters used in creating the cluster's nodes. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "initialNodeCount") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. For responses, this field will be populated with the node configuration of the first node pool. (For configuration of each node pool, see nodePool.config)

If unspecified, the defaults are used. This field is deprecated, use nodePool.config instead.

masterAuth

object (MasterAuth)

The authentication information for accessing the master endpoint. If unspecified, the defaults are used: For clusters before v1.12, if masterAuth is unspecified, username will be set to "admin", a random password will be generated, and a client certificate will be issued.

loggingService

string

The logging service the cluster should use to write logs. Currently available options:

  • logging.googleapis.com - the Google Cloud Logging service.
  • none - no logs will be exported from the cluster.
  • if left as an empty string, logging.googleapis.com will be used.

monitoringService

string

The monitoring service the cluster should use to write metrics. Currently available options:

  • monitoring.googleapis.com - the Google Cloud Monitoring service.
  • none - no metrics will be exported from the cluster.
  • if left as an empty string, monitoring.googleapis.com will be used.

network

string

The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used. On output this shows the network ID instead of the name.

clusterIpv4Cidr

string

The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8.

addonsConfig

object (AddonsConfig)

Configurations for the various addons available to run in the cluster.

subnetwork

string

The name of the Google Compute Engine subnetwork to which the cluster is connected. On output this shows the subnetwork ID instead of the name.

nodePools[]

object (NodePool)

The node pools associated with this cluster. This field should not be set if "nodeConfig" or "initialNodeCount" are specified.

locations[]

string

The list of Google Compute Engine zones in which the cluster's nodes should be located.

enableKubernetesAlpha

boolean

Kubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. v1beta1) and features that may not be production ready in the kubernetes version of the master and nodes. The cluster has no SLA for uptime and master/node upgrades are disabled. Alpha enabled clusters are automatically deleted thirty days after creation.

resourceLabels

map (key: string, value: string)

The resource labels for the cluster to use to annotate any related Google Compute Engine resources.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

labelFingerprint

string

The fingerprint of the set of labels for this cluster.

legacyAbac

object (LegacyAbac)

Configuration for the legacy ABAC authorization mode.

networkPolicy

object (NetworkPolicy)

Configuration options for the NetworkPolicy feature.

ipAllocationPolicy

object (IPAllocationPolicy)

Configuration for cluster IP allocation.

masterAuthorizedNetworksConfig

object (MasterAuthorizedNetworksConfig)

The configuration options for master authorized networks feature.

maintenancePolicy

object (MaintenancePolicy)

Configure the maintenance policy for this cluster.

binaryAuthorization

object (BinaryAuthorization)

Configuration for Binary Authorization.

podSecurityPolicyConfig

object (PodSecurityPolicyConfig)

Configuration for the PodSecurityPolicy feature.

autoscaling

object (ClusterAutoscaling)

Cluster-level autoscaling configuration.

networkConfig

object (NetworkConfig)

Configuration for cluster networking.

privateCluster
(deprecated)

boolean

If this is a private cluster setup. Private clusters are clusters that, by default, have no external IP addresses on the nodes and where nodes and the master communicate over private IP addresses. This field is deprecated, use privateClusterConfig.enable_private_nodes instead.

masterIpv4CidrBlock
(deprecated)

string

The IP prefix in CIDR notation to use for the hosted master network. This prefix will be used for assigning private IP addresses to the master or set of masters, as well as the ILB VIP. This field is deprecated, use privateClusterConfig.master_ipv4_cidr_block instead.

defaultMaxPodsConstraint

object (MaxPodsConstraint)

The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if the cluster is created with IP Alias support.

resourceUsageExportConfig

object (ResourceUsageExportConfig)

Configuration for exporting resource usages. Resource usage export is disabled when this config is unspecified.

authenticatorGroupsConfig

object (AuthenticatorGroupsConfig)

Configuration controlling RBAC group membership information.

privateClusterConfig

object (PrivateClusterConfig)

Configuration for private cluster.

verticalPodAutoscaling

object (VerticalPodAutoscaling)

Cluster-level Vertical Pod Autoscaling configuration.

shieldedNodes

object (ShieldedNodes)

Shielded Nodes configuration.

releaseChannel

object (ReleaseChannel)

Release channel configuration.

tierSettings

object (TierSettings)

Cluster tier settings.

workloadIdentityConfig

object (WorkloadIdentityConfig)

Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.

zone
(deprecated)

string

[Output only] The name of the Google Compute Engine zone in which the cluster resides. This field is deprecated, use location instead.

endpoint

string

[Output only] The IP address of this cluster's master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/.

See the masterAuth property of this resource for username and password information.

initialClusterVersion

string

The initial Kubernetes version for this cluster. Valid versions are those found in validMasterVersions returned by getServerConfig. The version can be upgraded over time; such upgrades are reflected in currentMasterVersion and currentNodeVersion.

Users may specify either explicit versions offered by Kubernetes Engine or version aliases, which have the following behavior:

  • "latest": picks the highest valid Kubernetes version
  • "1.X": picks the highest valid patch+gke.N patch in the 1.X version
  • "1.X.Y": picks the highest valid gke.N patch in the 1.X.Y version
  • "1.X.Y-gke.N": picks an explicit Kubernetes version
  • "","-": picks the default Kubernetes version

currentMasterVersion

string

[Output only] The current software version of the master endpoint.

currentNodeVersion
(deprecated)

string

[Output only] Deprecated, use NodePool.version instead. The current version of the node software components. If they are currently at multiple versions because they're in the process of being upgraded, this reflects the minimum version of all nodes.

createTime

string

[Output only] The time the cluster was created, in RFC3339 text format.

status

enum (Status)

[Output only] The current status of this cluster.

statusMessage

string

[Output only] Additional information about the current status of this cluster, if available.

nodeIpv4CidrSize

number

[Output only] The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr range. This field will only be set when cluster is in route-based network mode.

servicesIpv4Cidr

string

[Output only] The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

instanceGroupUrls[]
(deprecated)

string

Deprecated. Use nodePools.instance_group_urls.

currentNodeCount
(deprecated)

number

[Output only] The number of nodes currently in the cluster. Deprecated. Call Kubernetes API directly to retrieve node information.

expireTime

string

[Output only] The time the cluster will be automatically deleted in RFC3339 text format.

location

string

[Output only] The name of the Google Compute Engine zone or region in which the cluster resides.

enableTpu

boolean

Enable the ability to use Cloud TPUs in this cluster.

tpuIpv4CidrBlock

string

[Output only] The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

databaseEncryption

object (DatabaseEncryption)

Configuration of etcd encryption.

conditions[]

object (StatusCondition)

Which conditions caused the current cluster state.

MasterAuth

The authentication information for accessing the master endpoint. Authentication can be done using HTTP basic auth or using client certificates.

JSON representation
{
  "username": string,
  "password": string,
  "clientCertificateConfig": {
    object (ClientCertificateConfig)
  },
  "clusterCaCertificate": string,
  "clientCertificate": string,
  "clientKey": string
}
Fields
username

string

The username to use for HTTP basic authentication to the master endpoint. For clusters v1.6.0 and later, basic authentication can be disabled by leaving username unspecified (or setting it to the empty string).

password

string

The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password. If a password is provided for cluster creation, username must be non-empty.

clientCertificateConfig

object (ClientCertificateConfig)

Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued.

clusterCaCertificate

string

clientCertificate

string

[Output only] Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.

clientKey

string

[Output only] Base64-encoded private key used by clients to authenticate to the cluster endpoint.

ClientCertificateConfig

Configuration for client certificates on the cluster.

JSON representation
{
  "issueClientCertificate": boolean
}
Fields
issueClientCertificate

boolean

Issue a client certificate.

AddonsConfig

Configuration for the addons that can be automatically spun up in the cluster, enabling additional functionality.

JSON representation
{
  "httpLoadBalancing": {
    object (HttpLoadBalancing)
  },
  "horizontalPodAutoscaling": {
    object (HorizontalPodAutoscaling)
  },
  "kubernetesDashboard": {
    object (KubernetesDashboard)
  },
  "networkPolicyConfig": {
    object (NetworkPolicyConfig)
  },
  "istioConfig": {
    object (IstioConfig)
  },
  "cloudRunConfig": {
    object (CloudRunConfig)
  }
}
Fields
httpLoadBalancing

object (HttpLoadBalancing)

Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.

horizontalPodAutoscaling

object (HorizontalPodAutoscaling)

Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.

kubernetesDashboard
(deprecated)

object (KubernetesDashboard)

Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. For more information, see: https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards

networkPolicyConfig

object (NetworkPolicyConfig)

Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the master; it does not track whether network policy is enabled for the nodes.

istioConfig

object (IstioConfig)

Configuration for Istio, an open platform to connect, manage, and secure microservices.

cloudRunConfig

object (CloudRunConfig)

Configuration for the Cloud Run addon. The IstioConfig addon must be enabled in order to enable Cloud Run addon. This option can only be enabled at cluster creation time.

HttpLoadBalancing

Configuration options for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.

JSON representation
{
  "disabled": boolean
}
Fields
disabled

boolean

Whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers.

HorizontalPodAutoscaling

Configuration options for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.

JSON representation
{
  "disabled": boolean
}
Fields
disabled

boolean

Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service.

KubernetesDashboard

Configuration for the Kubernetes Dashboard.

JSON representation
{
  "disabled": boolean
}
Fields
disabled

boolean

Whether the Kubernetes Dashboard is enabled for this cluster.

NetworkPolicyConfig

Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the master; it does not track whether network policy is enabled for the nodes.

JSON representation
{
  "disabled": boolean
}
Fields
disabled

boolean

Whether NetworkPolicy is enabled for this cluster.

IstioConfig

Configuration options for Istio addon.

JSON representation
{
  "disabled": boolean,
  "auth": enum (IstioAuthMode)
}
Fields
disabled

boolean

Whether Istio is enabled for this cluster.

auth

enum (IstioAuthMode)

The specified Istio auth mode, either none, or mutual TLS.

IstioAuthMode

Istio auth mode, https://istio.io/docs/concepts/security/mutual-tls.html

Enums
AUTH_NONE auth not enabled
AUTH_MUTUAL_TLS auth mutual TLS enabled

CloudRunConfig

Configuration options for the Cloud Run feature.

JSON representation
{
  "disabled": boolean
}
Fields
disabled

boolean

Whether Cloud Run addon is enabled for this cluster.

LegacyAbac

Configuration for the legacy Attribute Based Access Control authorization mode.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM.

NetworkPolicy

Configuration options for the NetworkPolicy feature. https://kubernetes.io/docs/concepts/services-networking/networkpolicies/

JSON representation
{
  "provider": enum (Provider),
  "enabled": boolean
}
Fields
provider

enum (Provider)

The selected network policy provider.

enabled

boolean

Whether network policy is enabled on the cluster.

Provider

Allowed Network Policy providers.

Enums
PROVIDER_UNSPECIFIED Not set
CALICO Tigera (Calico Felix).

IPAllocationPolicy

Configuration for controlling how IPs are allocated in the cluster.

JSON representation
{
  "useIpAliases": boolean,
  "createSubnetwork": boolean,
  "subnetworkName": string,
  "clusterIpv4Cidr": string,
  "nodeIpv4Cidr": string,
  "servicesIpv4Cidr": string,
  "clusterSecondaryRangeName": string,
  "servicesSecondaryRangeName": string,
  "clusterIpv4CidrBlock": string,
  "nodeIpv4CidrBlock": string,
  "servicesIpv4CidrBlock": string,
  "allowRouteOverlap": boolean,
  "tpuIpv4CidrBlock": string
}
Fields
useIpAliases

boolean

Whether alias IPs will be used for pod IPs in the cluster.

createSubnetwork

boolean

Whether a new subnetwork will be created automatically for the cluster.

This field is only applicable when useIpAliases is true.

subnetworkName

string

A custom subnetwork name to be used if createSubnetwork is true. If this field is empty, then an automatic name will be chosen for the new subnetwork.

clusterIpv4Cidr
(deprecated)

string

This field is deprecated, use clusterIpv4CidrBlock.

nodeIpv4Cidr
(deprecated)

string

This field is deprecated, use nodeIpv4CidrBlock.

servicesIpv4Cidr
(deprecated)

string

This field is deprecated, use servicesIpv4CidrBlock.

clusterSecondaryRangeName

string

The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork.

This field is only applicable when useIpAliases is true and createSubnetwork is false.

servicesSecondaryRangeName

string

The name of the secondary range to be used for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork.

This field is only applicable when useIpAliases is true and createSubnetwork is false.

clusterIpv4CidrBlock

string

The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr must be left blank.

This field is only applicable when useIpAliases is true.

Set to blank to have a range chosen with the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

nodeIpv4CidrBlock

string

The IP address range of the instance IPs in this cluster.

This is applicable only if createSubnetwork is true.

Set to blank to have a range chosen with the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

servicesIpv4CidrBlock

string

The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size.

This field is only applicable when useIpAliases is true.

Set to blank to have a range chosen with the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

allowRouteOverlap

boolean

If true, allow allocation of cluster CIDR ranges that overlap with certain kinds of network routes. By default we do not allow cluster CIDR ranges to intersect with any user declared routes. With allowRouteOverlap == true, we allow overlapping with CIDR ranges that are larger than the cluster CIDR range.

If this field is set to true, then cluster and services CIDRs must be fully-specified (e.g. 10.96.0.0/14, but not /14), which means: 1) When useIpAliases is true, clusterIpv4CidrBlock and servicesIpv4CidrBlock must be fully-specified. 2) When useIpAliases is false, cluster.cluster_ipv4_cidr must be fully-specified.

tpuIpv4CidrBlock

string

The IP address range of the Cloud TPUs in this cluster. If unspecified, a range will be automatically chosen with the default size.

This field is only applicable when useIpAliases is true.

If unspecified, the range will use the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
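
The applicability rules and the three accepted value forms for the *CidrBlock fields above can be checked before a create request is sent. The following Python validator is an added example, not part of the API or of any Google client library; its function names are hypothetical and the sample policies are constructed.

```python
import ipaddress

# RFC 1918 private networks named in the *CidrBlock field descriptions.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BLOCK_FIELDS = ("clusterIpv4CidrBlock", "nodeIpv4CidrBlock",
                "servicesIpv4CidrBlock", "tpuIpv4CidrBlock")
ALIAS_ONLY = ("clusterIpv4CidrBlock", "servicesIpv4CidrBlock", "tpuIpv4CidrBlock")


def classify_block(value):
    """Return 'auto' (blank), 'netmask' (/N) or 'cidr' (a.b.c.d/N); raise ValueError otherwise."""
    if not value:
        return "auto"
    if value.startswith("/"):
        bits = value[1:]
        if not (bits.isascii() and bits.isdigit() and int(bits) <= 32):
            raise ValueError(f"invalid netmask {value!r}")
        return "netmask"
    if "/" not in value:
        raise ValueError(f"{value!r} has no prefix length")
    net = ipaddress.ip_network(value, strict=True)  # rejects bad syntax and set host bits
    if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
        raise ValueError(f"{value!r} is not inside an RFC 1918 private network")
    return "cidr"


def validate_ip_allocation_policy(policy, cluster_ipv4_cidr=""):
    """Return the list of rule violations for an IPAllocationPolicy dict (empty = consistent).

    cluster_ipv4_cidr is the clusterIpv4Cidr value of the parent Cluster resource.
    """
    errors = []
    aliases = bool(policy.get("useIpAliases"))
    create = bool(policy.get("createSubnetwork"))
    kinds = {}
    for field in BLOCK_FIELDS:
        try:
            kinds[field] = classify_block(policy.get(field, ""))
        except ValueError as exc:
            kinds[field] = "invalid"
            errors.append(f"{field}: {exc}")
    if create and not aliases:
        errors.append("createSubnetwork: only applicable when useIpAliases is true")
    if policy.get("subnetworkName") and not create:
        errors.append("subnetworkName: only used if createSubnetwork is true")
    for field in ALIAS_ONLY:
        if kinds[field] != "auto" and not aliases:
            errors.append(f"{field}: only applicable when useIpAliases is true")
    if kinds["nodeIpv4CidrBlock"] != "auto" and not create:
        errors.append("nodeIpv4CidrBlock: applicable only if createSubnetwork is true")
    for field in ("clusterSecondaryRangeName", "servicesSecondaryRangeName"):
        if policy.get(field) and (create or not aliases):
            errors.append(f"{field}: needs useIpAliases true and createSubnetwork false")
    if kinds["clusterIpv4CidrBlock"] != "auto" and cluster_ipv4_cidr:
        errors.append("clusterIpv4CidrBlock: cluster.clusterIpv4Cidr must be left blank")
    if policy.get("allowRouteOverlap"):
        if aliases:
            for field in ("clusterIpv4CidrBlock", "servicesIpv4CidrBlock"):
                if kinds[field] in ("auto", "netmask"):
                    errors.append(f"{field}: must be fully specified with allowRouteOverlap")
        else:
            try:
                full = classify_block(cluster_ipv4_cidr) == "cidr"
            except ValueError:
                full = False
            if not full:
                errors.append("cluster.clusterIpv4Cidr: must be fully specified "
                              "with allowRouteOverlap")
    return errors


# Constructed sample policies (not taken from a real cluster).
SAMPLE_OK = {"useIpAliases": True, "clusterIpv4CidrBlock": "10.96.0.0/14",
             "servicesIpv4CidrBlock": "/20"}
SAMPLE_BAD = {"useIpAliases": False, "createSubnetwork": True,
              "clusterIpv4CidrBlock": "8.8.8.0/24", "clusterSecondaryRangeName": "pods"}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, validate_ip_allocation_policy(sample) or "consistent")
```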

MasterAuthorizedNetworksConfig

Configuration options for the master authorized networks feature. When enabled, master authorized networks blocks all external HTTPS traffic to the Kubernetes master except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.

JSON representation
{
  "enabled": boolean,
  "cidrBlocks": [
    {
      object (CidrBlock)
    }
  ]
}
Fields
enabled

boolean

Whether or not master authorized networks is enabled.

cidrBlocks[]

object (CidrBlock)

cidrBlocks define up to 10 external networks that could access Kubernetes master through HTTPS.

CidrBlock

CidrBlock contains an optional name and one CIDR block.

JSON representation
{
  "displayName": string,
  "cidrBlock": string
}
Fields
displayName

string

displayName is an optional field for users to identify CIDR blocks.

cidrBlock

string

cidrBlock must be specified in CIDR notation.
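
Several fields described above decide how exposed the master endpoint is and how authorization behaves: masterAuth, legacyAbac, networkPolicy together with its addon, and masterAuthorizedNetworksConfig. The following Python check reads a Cluster resource parsed into a dict and reports the settings that weaken it; it is an added example, not Google tooling, and the finding names, the choice of what counts as a finding, and the sample clusters are assumptions of this example.

```python
import ipaddress

MAX_CIDR_BLOCKS = 10  # "cidrBlocks define up to 10 external networks"


def audit_cluster(cluster):
    """Return (finding_id, detail) tuples for one Cluster resource given as a dict."""
    findings = []
    auth = cluster.get("masterAuth", {})
    if auth.get("username"):
        # Basic auth is disabled only by leaving username unspecified or empty.
        findings.append(("BASIC_AUTH", "masterAuth.username is set: HTTP basic auth is enabled"))
    if auth.get("clientCertificateConfig", {}).get("issueClientCertificate"):
        findings.append(("CLIENT_CERT", "a client certificate and key are issued"))
    if cluster.get("legacyAbac", {}).get("enabled"):
        findings.append(("LEGACY_ABAC", "static permissions granted beyond RBAC or IAM"))
    if cluster.get("loggingService") == "none":
        findings.append(("NO_LOGS", "no logs are exported from the cluster"))
    if cluster.get("enableKubernetesAlpha"):
        findings.append(("ALPHA", "alpha cluster: no SLA, master/node upgrades disabled"))

    man = cluster.get("masterAuthorizedNetworksConfig", {})
    if not man.get("enabled"):
        findings.append(("MAN_DISABLED", "master endpoint is not limited to listed CIDR blocks"))
    else:
        blocks = man.get("cidrBlocks", [])
        if len(blocks) > MAX_CIDR_BLOCKS:
            findings.append(("MAN_TOO_MANY", f"{len(blocks)} cidrBlocks, limit is 10"))
        for block in blocks:
            raw = block.get("cidrBlock", "")
            label = block.get("displayName") or raw
            try:
                if "/" not in raw:
                    raise ValueError("no prefix length")
                net = ipaddress.ip_network(raw, strict=False)
            except ValueError:
                findings.append(("MAN_BAD_CIDR", f"{label!r} is not in CIDR notation"))
                continue
            if net.prefixlen == 0:
                # A /0 entry admits every address, so the allow list restricts nothing.
                findings.append(("MAN_OPEN", f"{label!r} covers every address"))

    addons = cluster.get("addonsConfig", {})
    netpol_on = bool(cluster.get("networkPolicy", {}).get("enabled"))
    addon_off = bool(addons.get("networkPolicyConfig", {}).get("disabled"))
    if not netpol_on:
        findings.append(("NETPOL_OFF", "networkPolicy.enabled is not true"))
    elif addon_off:
        # The addon flag and the cluster flag are tracked separately (see NetworkPolicyConfig).
        findings.append(("NETPOL_MISMATCH", "networkPolicy enabled but the addon is disabled"))
    dashboard = addons.get("kubernetesDashboard")
    if dashboard is not None and not dashboard.get("disabled"):
        # Assumption: an addon object that is present without disabled=true is enabled.
        findings.append(("DASHBOARD", "deprecated Kubernetes Dashboard addon is enabled"))
    return findings


# Constructed sample resources; 203.0.113.0/24 is a documentation-only range.
WEAK_CLUSTER = {
    "name": "demo-weak",
    "masterAuth": {"username": "admin", "password": "<redacted>",
                   "clientCertificateConfig": {"issueClientCertificate": True}},
    "legacyAbac": {"enabled": True},
    "loggingService": "none",
    "masterAuthorizedNetworksConfig": {"enabled": True, "cidrBlocks": [
        {"displayName": "office", "cidrBlock": "203.0.113.0/24"},
        {"displayName": "temp", "cidrBlock": "0.0.0.0/0"}]},
    "networkPolicy": {"provider": "CALICO", "enabled": True},
    "addonsConfig": {"networkPolicyConfig": {"disabled": True}, "kubernetesDashboard": {}},
}
HARDENED_CLUSTER = {
    "name": "demo-hardened",
    "masterAuth": {"clientCertificateConfig": {"issueClientCertificate": False}},
    "legacyAbac": {},
    "loggingService": "logging.googleapis.com",
    "masterAuthorizedNetworksConfig": {"enabled": True, "cidrBlocks": [
        {"displayName": "office", "cidrBlock": "203.0.113.0/24"}]},
    "networkPolicy": {"provider": "CALICO", "enabled": True},
    "addonsConfig": {"networkPolicyConfig": {}, "kubernetesDashboard": {"disabled": True}},
}

if __name__ == "__main__":
    for sample in (WEAK_CLUSTER, HARDENED_CLUSTER):
        print(sample["name"])
        for finding_id, detail in audit_cluster(sample):
            print(f"  {finding_id}: {detail}")
```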

MaintenancePolicy

MaintenancePolicy defines the maintenance policy to be used for the cluster.

JSON representation
{
  "window": {
    object (MaintenanceWindow)
  },
  "resourceVersion": string
}
Fields
window

object (MaintenanceWindow)

Specifies the maintenance window in which maintenance may be performed.

resourceVersion

string

A hash identifying the version of this policy, so that updates to fields of the policy won't accidentally undo intermediate changes (and so that users of the API unaware of some fields won't accidentally remove other fields). Make a get() request to the cluster to get the current resource version and include it with requests to set the policy.

MaintenanceWindow

MaintenanceWindow defines the maintenance window to be used for the cluster.

JSON representation
{
  "maintenanceExclusions": {
    string: {
      object(TimeWindow)
    },
    ...
  },

  // Union field policy can be only one of the following:
  "dailyMaintenanceWindow": {
    object (DailyMaintenanceWindow)
  },
  "recurringWindow": {
    object (RecurringTimeWindow)
  }
  // End of list of possible types for union field policy.
}
Fields
maintenanceExclusions

map (key: string, value: object (TimeWindow))

Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Union field policy. Unimplemented, reserved for future use. HourlyMaintenanceWindow hourly_maintenance_window = 1; policy can be only one of the following:
dailyMaintenanceWindow

object (DailyMaintenanceWindow)

DailyMaintenanceWindow specifies a daily maintenance operation window.

recurringWindow

object (RecurringTimeWindow)

RecurringWindow specifies some number of recurring time periods for maintenance to occur. The time windows may be overlapping. If no maintenance windows are set, maintenance can occur at any time.

DailyMaintenanceWindow

Time window specified for daily maintenance operations.

JSON representation
{
  "startTime": string,
  "duration": string
}
Fields
startTime

string

Time within the maintenance window to start the maintenance operations. It must be in format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.

duration

string

[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario.

RecurringTimeWindow

Represents an arbitrary window of time that recurs.

JSON representation
{
  "window": {
    object (TimeWindow)
  },
  "recurrence": string
}
Fields
window

object (TimeWindow)

The window of the first recurrence.

recurrence

string

An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window recurs. They go on for the span of time between the start and end time.

For example, to have something repeat every weekday, you'd use:

FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR

To repeat some window daily (equivalent to the DailyMaintenanceWindow):

FREQ=DAILY

For the first weekend of every month:

FREQ=MONTHLY;BYSETPOS=1;BYDAY=SA,SU

This specifies how frequently the window starts. For example, if you wanted to have a 9-5 UTC-4 window every weekday, you'd use something like:

start time = 2019-01-01T09:00:00-0400
end time = 2019-01-01T17:00:00-0400
recurrence = FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR

Windows can span multiple days. For example, to make the window encompass every weekend from midnight Saturday till the last minute of Sunday UTC:

start time = 2019-01-05T00:00:00Z
end time = 2019-01-07T23:59:00Z
recurrence = FREQ=WEEKLY;BYDAY=SA

Note the start and end time's specific dates are largely arbitrary except to specify duration of the window and when it first starts. The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported.

TimeWindow

Represents an arbitrary window of time.

JSON representation
{
  "startTime": string,
  "endTime": string
}
Fields
startTime

string (Timestamp format)

The time that the window first starts.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

endTime

string (Timestamp format)

The time that the window ends. The end time should take place after the start time.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
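
The constraints stated for DailyMaintenanceWindow, RecurringTimeWindow and TimeWindow (the "HH:MM" start format, an end time after the start time, and no HOURLY, MINUTELY or SECONDLY recurrence) can be checked client-side before a policy is submitted. The following Python sketch is an added example, not part of the API; its function names are hypothetical, it checks only the RRULE parts used in the examples above, and treating the remaining RFC 5545 FREQ values as accepted is an assumption.

```python
import re
from datetime import datetime, timezone

UNSUPPORTED_FREQ = {"HOURLY", "MINUTELY", "SECONDLY"}    # stated as not supported
OTHER_FREQ = {"DAILY", "WEEKLY", "MONTHLY", "YEARLY"}    # assumption: remaining RFC 5545 values
TS_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d{1,9}))?(Z|[+-]\d\d:?\d\d)")
BYDAY_RE = re.compile(r"[+-]?\d{0,2}(?:MO|TU|WE|TH|FR|SA|SU)")


def parse_timestamp(text):
    """Parse the timestamp forms used on this page into an aware datetime."""
    match = TS_RE.fullmatch(text)
    if not match:
        raise ValueError(f"not an RFC 3339 timestamp: {text!r}")
    base, fraction, zone = match.groups()
    # datetime stores microseconds, so nanosecond precision is truncated to six digits.
    micros = (fraction or "0").ljust(9, "0")[:6]
    return datetime.strptime(f"{base}.{micros}{zone}", "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_rrule(rule):
    """Split an RRULE string into a dict and enforce the FREQ restriction."""
    parts = {}
    for item in rule.split(";"):
        key, sep, value = item.partition("=")
        if not (sep and key and value):
            raise ValueError(f"malformed RRULE part {item!r}")
        parts[key.upper()] = value.upper()
    freq = parts.get("FREQ")
    if freq in UNSUPPORTED_FREQ:
        raise ValueError(f"FREQ={freq} is not supported")
    if freq not in OTHER_FREQ:
        raise ValueError(f"missing or unknown FREQ: {freq!r}")
    for day in parts.get("BYDAY", "").split(","):
        if day and not BYDAY_RE.fullmatch(day):
            raise ValueError(f"bad BYDAY entry {day!r}")
    return parts


def check_recurring_window(recurring):
    """Validate a RecurringTimeWindow dict; return its frequency, duration and first start."""
    start = parse_timestamp(recurring["window"]["startTime"])
    end = parse_timestamp(recurring["window"]["endTime"])
    if end <= start:
        raise ValueError("endTime should take place after startTime")
    rule = parse_rrule(recurring["recurrence"])
    return {"freq": rule["FREQ"], "duration": end - start,
            "first_start_utc": start.astimezone(timezone.utc)}


def check_daily_start(start_time):
    """Validate DailyMaintenanceWindow.startTime: 'HH:MM', HH in 00-23, MM in 00-59."""
    if not re.fullmatch(r"(?:[01]\d|2[0-3]):[0-5]\d", start_time):
        raise ValueError(f"startTime must be HH:MM, got {start_time!r}")
    return start_time


# Values of the weekday example given under "recurrence" above.
WEEKDAY_WINDOW = {
    "window": {"startTime": "2019-01-01T09:00:00-0400", "endTime": "2019-01-01T17:00:00-0400"},
    "recurrence": "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR",
}

if __name__ == "__main__":
    info = check_recurring_window(WEEKDAY_WINDOW)
    print(info["freq"], info["duration"], info["first_start_utc"].isoformat())
    print(check_daily_start("03:00"))
```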

BinaryAuthorization

Configuration for Binary Authorization.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binauthz.

PodSecurityPolicyConfig

Configuration for the PodSecurityPolicy feature.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

ClusterAutoscaling

ClusterAutoscaling contains global, per-cluster information required by Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs.

JSON representation
{
  "enableNodeAutoprovisioning": boolean,
  "resourceLimits": [
    {
      object (ResourceLimit)
    }
  ],
  "autoprovisioningNodePoolDefaults": {
    object (AutoprovisioningNodePoolDefaults)
  },
  "autoprovisioningLocations": [
    string
  ]
}
Fields
enableNodeAutoprovisioning

boolean

Enables automatic node pool creation and deletion.

resourceLimits[]

object (ResourceLimit)

Contains global constraints regarding minimum and maximum amount of resources in the cluster.

autoprovisioningNodePoolDefaults

object (AutoprovisioningNodePoolDefaults)

AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP.

autoprovisioningLocations[]

string

The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.

ResourceLimit

Contains information about amount of some resource in the cluster. For memory, value should be in GB.

JSON representation
{
  "resourceType": string,
  "minimum": string,
  "maximum": string
}
Fields
resourceType

string

Resource name "cpu", "memory" or gpu-specific string.

minimum

string (int64 format)

Minimum amount of the resource in the cluster.

maximum

string (int64 format)

Maximum amount of the resource in the cluster.

AutoprovisioningNodePoolDefaults

AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP.

JSON representation
{
  "oauthScopes": [
    string
  ],
  "serviceAccount": string
}
Fields
oauthScopes[]

string

Scopes that are used by NAP when creating node pools. If oauthScopes are specified, serviceAccount should be empty.

serviceAccount

string

The Google Cloud Platform Service Account to be used by the node VMs. If serviceAccount is specified, scopes should be empty.

NetworkConfig

NetworkConfig reports the relative names of network & subnetwork.

JSON representation
{
  "network": string,
  "subnetwork": string,
  "enableIntraNodeVisibility": boolean
}
Fields
network

string

Output only. The relative name of the Google Compute Engine network (/compute/docs/networks-and-firewalls#networks) to which the cluster is connected. Example: projects/my-project/global/networks/my-network

subnetwork

string

Output only. The relative name of the Google Compute Engine subnetwork to which the cluster is connected. Example: projects/my-project/regions/us-central1/subnetworks/my-subnet

enableIntraNodeVisibility

boolean

Whether Intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.

ResourceUsageExportConfig

Configuration for exporting cluster resource usages.

JSON representation
{
  "bigqueryDestination": {
    object (BigQueryDestination)
  },
  "enableNetworkEgressMetering": boolean,
  "consumptionMeteringConfig": {
    object (ConsumptionMeteringConfig)
  }
}
Fields
bigqueryDestination

object (BigQueryDestination)

Configuration to use BigQuery as usage export destination.

enableNetworkEgressMetering

boolean

Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.

consumptionMeteringConfig

object (ConsumptionMeteringConfig)

Configuration to enable resource consumption metering.

BigQueryDestination

Parameters for using BigQuery as the destination of resource usage export.

JSON representation
{
  "datasetId": string
}
Fields
datasetId

string

The ID of a BigQuery Dataset.

ConsumptionMeteringConfig

Parameters for controlling consumption metering.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Whether to enable consumption metering for this cluster. If enabled, a second BigQuery table will be created to hold resource consumption records.

AuthenticatorGroupsConfig

Configuration for returning group information from authenticators.

JSON representation
{
  "enabled": boolean,
  "securityGroup": string
}
Fields
enabled

boolean

Whether this cluster should return group membership lookups during authentication using a group of security groups.

securityGroup

string

The name of the security group-of-groups to be used. Only relevant if enabled = true.

PrivateClusterConfig

Configuration options for private clusters.

JSON representation
{
  "enablePrivateNodes": boolean,
  "enablePrivateEndpoint": boolean,
  "masterIpv4CidrBlock": string,
  "privateEndpoint": string,
  "publicEndpoint": string,
  "enablePeeringRouteSharing": boolean,
  "peeringName": string
}
Fields
enablePrivateNodes

boolean

Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking.

enablePrivateEndpoint

boolean

Whether the master's internal IP address is used as the cluster endpoint.

masterIpv4CidrBlock

string

The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network.

privateEndpoint

string

Output only. The internal IP address of this cluster's master endpoint.

publicEndpoint

string

Output only. The external IP address of this cluster's master endpoint.

enablePeeringRouteSharing (deprecated)

boolean

Whether to enable route sharing over the network peering.

peeringName

string

Output only. The peering name in the customer VPC used by this cluster.

VerticalPodAutoscaling

VerticalPodAutoscaling contains global, per-cluster information required by Vertical Pod Autoscaler to automatically adjust the resources of pods controlled by it.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Enables vertical pod autoscaling.

ShieldedNodes

Configuration of Shielded Nodes feature.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Whether Shielded Nodes features are enabled on all nodes in this cluster.

ReleaseChannel

ReleaseChannel indicates which release channel a cluster is subscribed to. Release channels are arranged in order of risk and frequency of updates.

When a cluster is subscribed to a release channel, Google maintains both the master version and the node version. Node auto-upgrade defaults to true and cannot be disabled. Updates to version related fields (e.g. currentMasterVersion) return an error.

JSON representation
{
  "channel": enum (Channel)
}
Fields
channel

enum (Channel)

channel specifies which release channel the cluster is subscribed to.

Channel

Possible values for 'channel'.

Enums
UNSPECIFIED No channel specified.
RAPID RAPID channel is offered on an early access basis for customers who want to test new releases before they are qualified for production use or general availability. New upgrades will occur roughly weekly. WARNING: Versions available in the RAPID Channel may be subject to unresolved issues with no known workaround and are not for use with production workloads or subject to any SLAs.

REGULAR Clusters subscribed to REGULAR receive versions that are considered GA quality. REGULAR is intended for production users who want to take advantage of new features. New upgrades will occur roughly every few weeks.
STABLE Clusters subscribed to STABLE receive versions that are known to be stable and reliable in production. STABLE is intended for production users who need stability above all else, or for whom frequent upgrades are too risky. New upgrades will occur roughly every few months.

TierSettings

Cluster tier settings.

JSON representation
{
  "tier": enum (Tier)
}
Fields
tier

enum (Tier)

Cluster tier.

Tier

Tiers are hierarchical and can be defined to inherit the permissions of another tier.

Enums
TIER_UNSPECIFIED TIER_UNSPECIFIED is the default value. If this value is set during create or update, it defaults to the project level tier setting.
STANDARD Represents the standard tier or base Google Kubernetes Engine offering.
ADVANCED Represents the advanced tier.

WorkloadIdentityConfig

Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.

JSON representation
{
  "identityNamespace": string
}
Fields
identityNamespace

string

IAM Identity Namespace to attach all Kubernetes Service Accounts to.

Status

The current status of the cluster.

Enums
STATUS_UNSPECIFIED Not set.
PROVISIONING The PROVISIONING state indicates the cluster is being created.
RUNNING The RUNNING state indicates the cluster has been created and is fully usable.
RECONCILING The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the master or node software. Details can be found in the statusMessage field.
STOPPING The STOPPING state indicates the cluster is being deleted.
ERROR The ERROR state indicates the cluster may be unusable. Details can be found in the statusMessage field.
DEGRADED The DEGRADED state indicates the cluster requires user action to restore full functionality. Details can be found in the statusMessage field.

DatabaseEncryption

Configuration of etcd encryption.

JSON representation
{
  "state": enum (State),
  "keyName": string
}
Fields
state

enum (State)

Denotes the state of etcd encryption.

keyName

string

Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key

State

State of etcd encryption.

Enums
UNKNOWN Should never be set.
ENCRYPTED Secrets in etcd are encrypted.
DECRYPTED Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Google Compute Engine level full disk encryption.
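
An added example, not part of the original reference: a Python audit of one Cluster JSON object against the security-relevant fields described above (PrivateClusterConfig, ShieldedNodes, ReleaseChannel, WorkloadIdentityConfig, DatabaseEncryption, AutoprovisioningNodePoolDefaults, Status). The finding names, the sample cluster, and the `databaseEncryption` and `autoscaling.autoprovisioningNodePoolDefaults` key paths are assumptions.

```python
# Added example: audit a Cluster dict (e.g. parsed clusters.get output).

SAMPLE_CLUSTER = {  # constructed sample, not real API output
    "status": "DEGRADED",
    "privateClusterConfig": {"enablePrivateNodes": True,
                             "enablePrivateEndpoint": False},
    "shieldedNodes": {"enabled": False},
    "releaseChannel": {"channel": "RAPID"},
    "workloadIdentityConfig": {},
    # Assumed field name for the DatabaseEncryption object.
    "databaseEncryption": {"state": "DECRYPTED"},
    # Assumed location of AutoprovisioningNodePoolDefaults.
    "autoscaling": {"autoprovisioningNodePoolDefaults": {
        "oauthScopes": ["https://www.googleapis.com/auth/cloud-platform"],
        "serviceAccount": "nodes@my-project.iam.gserviceaccount.com"}},
}


def audit_cluster(cluster):
    """Return a sorted list of finding IDs (hypothetical names)."""
    def section(*path):
        # Walk nested keys; a missing or null object is treated as empty.
        node = cluster
        for key in path:
            node = (node or {}).get(key)
        return node or {}

    findings = set()
    private = section("privateClusterConfig")
    if not private.get("enablePrivateNodes"):
        findings.add("PRIVATE_NODES_DISABLED")
    if not private.get("enablePrivateEndpoint"):
        findings.add("PRIVATE_ENDPOINT_DISABLED")
    if not section("shieldedNodes").get("enabled"):
        findings.add("SHIELDED_NODES_DISABLED")
    if section("releaseChannel").get("channel") == "RAPID":
        findings.add("RAPID_CHANNEL_NOT_FOR_PRODUCTION")
    if not section("workloadIdentityConfig").get("identityNamespace"):
        findings.add("WORKLOAD_IDENTITY_NOT_CONFIGURED")
    encryption = section("databaseEncryption")
    if encryption.get("state") != "ENCRYPTED":
        findings.add("ETCD_SECRETS_NOT_ENCRYPTED")  # plain text at etcd level
    elif not encryption.get("keyName"):
        findings.add("ENCRYPTED_STATE_WITHOUT_KEY_NAME")
    nap = section("autoscaling", "autoprovisioningNodePoolDefaults")
    if nap.get("oauthScopes") and nap.get("serviceAccount"):
        findings.add("NAP_SCOPES_AND_SERVICE_ACCOUNT_BOTH_SET")  # mutually exclusive
    if cluster.get("status") in ("ERROR", "DEGRADED"):
        findings.add("STATUS_" + cluster["status"])
    return sorted(findings)
```

A cluster with every documented object absent is reported as if each feature were disabled, so run the audit on the full resource rather than a field-masked response.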

Methods

completeIpRotation

Completes master IP rotation.

create

Creates a cluster, consisting of the specified number and type of Google Compute Engine instances.

delete

Deletes the cluster, including the Kubernetes endpoint and all worker nodes.

get

Gets the details for a specific cluster.

getJwks

Gets the public component of the cluster signing keys in JSON Web Key format.

list

Lists all clusters owned by a project in either the specified zone or all zones.

setAddons

Sets the addons for a specific cluster.

setLegacyAbac

Enables or disables the ABAC authorization mechanism on a cluster.

setLocations

Sets the locations for a specific cluster.

setLogging

Sets the logging service for a specific cluster.

setMaintenancePolicy

Sets the maintenance policy for a cluster.

setMasterAuth

Sets master auth materials.

setMonitoring

Sets the monitoring service for a specific cluster.

setNetworkPolicy

Enables or disables Network Policy for a cluster.

setResourceLabels

Sets labels on a cluster.

startIpRotation

Starts master IP rotation.

update

Updates the settings for a specific cluster.

updateMaster

Updates the master for a specific cluster.