REST Resource: projects.locations.clusters

{
  "username": string,
  "password": string,
  "clientCertificateConfig": {
    object (ClientCertificateConfig)
  },
  "clusterCaCertificate": string,
  "clientCertificate": string,
  "clientKey": string
}

string

The username to use for HTTP basic authentication to the master endpoint. For clusters v1.6.0 and later, basic authentication can be disabled by leaving username unspecified (or setting it to the empty string).

string

The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password. If a password is provided for cluster creation, username must be non-empty.

object (ClientCertificateConfig)

Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued.

string

string

[Output only] Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.

string

[Output only] Base64-encoded private key used by clients to authenticate to the cluster endpoint.

{
  "issueClientCertificate": boolean
}

boolean

Issue a client certificate.

{
  "httpLoadBalancing": {
    object (HttpLoadBalancing)
  },
  "horizontalPodAutoscaling": {
    object (HorizontalPodAutoscaling)
  },
  "kubernetesDashboard": {
    object (KubernetesDashboard)
  },
  "networkPolicyConfig": {
    object (NetworkPolicyConfig)
  },
  "istioConfig": {
    object (IstioConfig)
  },
  "cloudRunConfig": {
    object (CloudRunConfig)
  }
}

object (HttpLoadBalancing)

Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.

object (HorizontalPodAutoscaling)

Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.

object (KubernetesDashboard)

Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. For more information, see: https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards

object (NetworkPolicyConfig)

Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes.

object (IstioConfig)

Configuration for Istio, an open platform to connect, manage, and secure microservices.

object (CloudRunConfig)

Configuration for the Cloud Run addon. The IstioConfig addon must be enabled in order to enable Cloud Run addon. This option can only be enabled at cluster creation time.

{
  "disabled": boolean
}

boolean

Whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers.

{
  "disabled": boolean
}

boolean

Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service.

{
  "disabled": boolean
}

boolean

Whether the Kubernetes Dashboard is enabled for this cluster.

{
  "disabled": boolean
}

boolean

Whether NetworkPolicy is enabled for this cluster.

{
  "disabled": boolean,
  "auth": enum (IstioAuthMode)
}

boolean

Whether Istio is enabled for this cluster.

enum (IstioAuthMode)

The specified Istio auth mode, either none, or mutual TLS.

{
  "disabled": boolean
}

boolean

Whether Cloud Run addon is enabled for this cluster.

{
  "enabled": boolean
}

boolean

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM.

{
  "provider": enum (Provider),
  "enabled": boolean
}

enum (Provider)

The selected network policy provider.

boolean

Whether network policy is enabled on the cluster.

{
  "useIpAliases": boolean,
  "createSubnetwork": boolean,
  "subnetworkName": string,
  "clusterIpv4Cidr": string,
  "nodeIpv4Cidr": string,
  "servicesIpv4Cidr": string,
  "clusterSecondaryRangeName": string,
  "servicesSecondaryRangeName": string,
  "clusterIpv4CidrBlock": string,
  "nodeIpv4CidrBlock": string,
  "servicesIpv4CidrBlock": string,
  "allowRouteOverlap": boolean,
  "tpuIpv4CidrBlock": string
}

boolean

Whether alias IPs will be used for pod IPs in the cluster.

boolean

Whether a new subnetwork will be created automatically for the cluster.

This field is only applicable when useIpAliases is true.

string

A custom subnetwork name to be used if createSubnetwork is true. If this field is empty, then an automatic name will be chosen for the new subnetwork.

string

This field is deprecated, use clusterIpv4CidrBlock.

string

This field is deprecated, use nodeIpv4CidrBlock.

string

This field is deprecated, use servicesIpv4CidrBlock.

string

The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork.

This field is only applicable with useIpAliases and createSubnetwork is false.

string

The name of the secondary range to be used as for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork.

This field is only applicable with useIpAliases and createSubnetwork is false.

string

The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr must be left blank.

This field is only applicable when useIpAliases is true.

Set to blank to have a range chosen with the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

string

The IP address range of the instance IPs in this cluster.

This is applicable only if createSubnetwork is true.

Set to blank to have a range chosen with the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

string

The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size.

This field is only applicable when useIpAliases is true.

Set to blank to have a range chosen with the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

boolean

If true, allow allocation of cluster CIDR ranges that overlap with certain kinds of network routes. By default we do not allow cluster CIDR ranges to intersect with any user declared routes. With allowRouteOverlap == true, we allow overlapping with CIDR ranges that are larger than the cluster CIDR range.

If this field is set to true, then cluster and services CIDRs must be fully-specified (e.g. 10.96.0.0/14, but not /14), which means: 1) When useIpAliases is true, clusterIpv4CidrBlock and servicesIpv4CidrBlock must be fully-specified. 2) When useIpAliases is false, cluster.cluster_ipv4_cidr muse be fully-specified.

string

The IP address range of the Cloud TPUs in this cluster. If unspecified, a range will be automatically chosen with the default size.

This field is only applicable when useIpAliases is true.

If unspecified, the range will use the default size.

Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.

Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.

{
  "enabled": boolean,
  "cidrBlocks": [
    {
      object (CidrBlock)
    }
  ]
}

boolean

Whether or not master authorized networks is enabled.

object (CidrBlock)

cidrBlocks define up to 10 external networks that could access Kubernetes master through HTTPS.

{
  "displayName": string,
  "cidrBlock": string
}

string

displayName is an optional field for users to identify CIDR blocks.

string

cidrBlock must be specified in CIDR notation.

{
  "window": {
    object (MaintenanceWindow)
  }
}

object (MaintenanceWindow)

Specifies the maintenance window in which maintenance may be performed.

{
  "dailyMaintenanceWindow": {
    object (DailyMaintenanceWindow)
  }
}

object (DailyMaintenanceWindow)

DailyMaintenanceWindow specifies a daily maintenance operation window.

{
  "startTime": string,
  "duration": string
}

string

Time within the maintenance window to start the maintenance operations. It must be in format "HH:MM", where HH : [00-23] and MM : [00-59] GMT.

string

[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario.

{
  "enabled": boolean
}

boolean

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binauthz.

{
  "enabled": boolean
}

boolean

Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.

{
  "enableNodeAutoprovisioning": boolean,
  "resourceLimits": [
    {
      object (ResourceLimit)
    }
  ],
  "autoprovisioningNodePoolDefaults": {
    object (AutoprovisioningNodePoolDefaults)
  },
  "autoprovisioningLocations": [
    string
  ]
}

boolean

Enables automatic node pool creation and deletion.

object (ResourceLimit)

Contains global constraints regarding minimum and maximum amount of resources in the cluster.

object (AutoprovisioningNodePoolDefaults)

AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP.

string

The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.

{
  "resourceType": string,
  "minimum": string,
  "maximum": string
}

string

Resource name "cpu", "memory" or gpu-specific string.

string (int64 format)

Minimum amount of the resource in the cluster.

string (int64 format)

Maximum amount of the resource in the cluster.

{
  "oauthScopes": [
    string
  ],
  "serviceAccount": string
}

string

Scopes that are used by NAP when creating node pools. If oauthScopes are specified, serviceAccount should be empty.

string

The Google Cloud Platform Service Account to be used by the node VMs. If serviceAccount is specified, scopes should be empty.

{
  "network": string,
  "subnetwork": string,
  "enableIntraNodeVisibility": boolean
}

string

Output only. The relative name of the Google Compute Engine network(/compute/docs/networks-and-firewalls#networks) to which the cluster is connected. Example: projects/my-project/global/networks/my-network

string

Output only. The relative name of the Google Compute Engine subnetwork to which the cluster is connected. Example: projects/my-project/regions/us-central1/subnetworks/my-subnet

boolean

Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

{
  "bigqueryDestination": {
    object (BigQueryDestination)
  },
  "enableNetworkEgressMetering": boolean,
  "consumptionMeteringConfig": {
    object (ConsumptionMeteringConfig)
  }
}

object (BigQueryDestination)

Configuration to use BigQuery as usage export destination.

boolean

Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.

object (ConsumptionMeteringConfig)

Configuration to enable resource consumption metering.

{
  "datasetId": string
}

string

The ID of a BigQuery Dataset.

{
  "enabled": boolean
}

boolean

Whether to enable consumption metering for this cluster. If enabled, a second BigQuery table will be created to hold resource consumption records.

{
  "enabled": boolean,
  "securityGroup": string
}

boolean

Whether this cluster should return group membership lookups during authentication using a group of security groups.

string

The name of the security group-of-groups to be used. Only relevant if enabled = true.

{
  "enablePrivateNodes": boolean,
  "enablePrivateEndpoint": boolean,
  "masterIpv4CidrBlock": string,
  "privateEndpoint": string,
  "publicEndpoint": string,
  "enablePeeringRouteSharing": boolean
}

boolean

Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking.

boolean

Whether the master's internal IP address is used as the cluster endpoint.

string

The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network.

string

Output only. The internal IP address of this cluster's master endpoint.

string

Output only. The external IP address of this cluster's master endpoint.

boolean

Whether to enable route sharing over the network peering.

{
  "enabled": boolean
}

boolean

Enables vertical pod autoscaling.

{
  "enabled": boolean
}

boolean

Whether Shielded Nodes features are enabled on all nodes in this cluster.

{
  "tier": enum (Tier)
}

enum (Tier)

Cluster tier.

{
  "identityNamespace": string
}

string

IAM Identity Namespace to attach all Kubernetes Service Accounts to.

{
  "state": enum (State),
  "keyName": string
}

enum (State)

Denotes the state of etcd encryption.

string

Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key