- Resource: Cluster
- JSON representation
- MasterAuth
- ClientCertificateConfig
- AddonsConfig
- HttpLoadBalancing
- HorizontalPodAutoscaling
- KubernetesDashboard
- NetworkPolicyConfig
- IstioConfig
- IstioAuthMode
- CloudRunConfig
- LoadBalancerType
- DnsCacheConfig
- ConfigConnectorConfig
- GcePersistentDiskCsiDriverConfig
- KalmConfig
- LegacyAbac
- NetworkPolicy
- Provider
- IPAllocationPolicy
- MasterAuthorizedNetworksConfig
- CidrBlock
- MaintenancePolicy
- MaintenanceWindow
- DailyMaintenanceWindow
- RecurringTimeWindow
- TimeWindow
- BinaryAuthorization
- PodSecurityPolicyConfig
- ClusterAutoscaling
- ResourceLimit
- AutoscalingProfile
- AutoprovisioningNodePoolDefaults
- NetworkConfig
- DefaultSnatStatus
- DatapathProvider
- PrivateIPv6GoogleAccess
- ResourceUsageExportConfig
- BigQueryDestination
- ConsumptionMeteringConfig
- AuthenticatorGroupsConfig
- PrivateClusterConfig
- PrivateClusterMasterGlobalAccessConfig
- VerticalPodAutoscaling
- ShieldedNodes
- ReleaseChannel
- Channel
- WorkloadIdentityConfig
- ClusterTelemetry
- Type
- TpuConfig
- NotificationConfig
- PubSub
- ConfidentialNodes
- Status
- DatabaseEncryption
- State
- Master
- Methods
Resource: Cluster
A Google Kubernetes Engine cluster.
JSON representation | |
---|---|
{ "name": string, "description": string, "initialNodeCount": integer, "nodeConfig": { object ( |
Fields | |
---|---|
name |
The name of this cluster. The name must be unique within this project and location (e.g. zone or region), and can be up to 40 characters with the following restrictions:
|
description |
An optional description of this cluster. |
initialNodeCount |
The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "nodeConfig") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. This field is deprecated, use nodePool.initial_node_count instead. |
nodeConfig |
Parameters used in creating the cluster's nodes. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "initialNodeCount") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. For responses, this field will be populated with the node configuration of the first node pool. (For the configuration of each node pool, see nodePools[].config.) If unspecified, the defaults are used. This field is deprecated, use nodePool.config instead. |
masterAuth |
The authentication information for accessing the master endpoint. If unspecified, the defaults are used: For clusters before v1.12, if masterAuth is unspecified, |
loggingService |
The logging service the cluster should use to write logs. Currently available options:
If left as an empty string, |
monitoringService |
The monitoring service the cluster should use to write metrics. Currently available options:
If left as an empty string, |
network |
The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the |
clusterIpv4Cidr |
The IP address range of the container pods in this cluster, in CIDR notation (e.g. |
addonsConfig |
Configurations for the various addons available to run in the cluster. |
subnetwork |
The name of the Google Compute Engine subnetwork to which the cluster is connected. On output this shows the subnetwork ID instead of the name. |
nodePools[] |
The node pools associated with this cluster. This field should not be set if "nodeConfig" or "initialNodeCount" are specified. |
locations[] |
The list of Google Compute Engine zones in which the cluster's nodes should be located. This field provides a default value if NodePool.Locations are not specified during node pool creation. Warning: changing cluster locations will update the NodePool.Locations of all node pools and will result in nodes being added and/or removed. |
enableKubernetesAlpha |
Kubernetes alpha features are enabled on this cluster. This includes alpha API groups (e.g. v1beta1) and features that may not be production ready in the kubernetes version of the master and nodes. The cluster has no SLA for uptime and master/node upgrades are disabled. Alpha enabled clusters are automatically deleted thirty days after creation. |
resourceLabels |
The resource labels for the cluster to use to annotate any related Google Compute Engine resources. An object containing a list of |
labelFingerprint |
The fingerprint of the set of labels for this cluster. |
legacyAbac |
Configuration for the legacy ABAC authorization mode. |
networkPolicy |
Configuration options for the NetworkPolicy feature. |
ipAllocationPolicy |
Configuration for cluster IP allocation. |
masterAuthorizedNetworksConfig |
The configuration options for master authorized networks feature. |
maintenancePolicy |
Configure the maintenance policy for this cluster. |
binaryAuthorization |
Configuration for Binary Authorization. |
podSecurityPolicyConfig |
Configuration for the PodSecurityPolicy feature. |
autoscaling |
Cluster-level autoscaling configuration. |
networkConfig |
Configuration for cluster networking. |
privateCluster |
If this is a private cluster setup. Private clusters are clusters that, by default, have no external IP addresses on the nodes, and whose nodes and master communicate over private IP addresses. This field is deprecated, use privateClusterConfig.enable_private_nodes instead. |
masterIpv4CidrBlock |
The IP prefix in CIDR notation to use for the hosted master network. This prefix will be used for assigning private IP addresses to the master or set of masters, as well as the ILB VIP. This field is deprecated, use privateClusterConfig.master_ipv4_cidr_block instead. |
defaultMaxPodsConstraint |
The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support. |
resourceUsageExportConfig |
Configuration for exporting resource usages. Resource usage export is disabled when this config is unspecified. |
authenticatorGroupsConfig |
Configuration controlling RBAC group membership information. |
privateClusterConfig |
Configuration for private cluster. |
verticalPodAutoscaling |
Cluster-level Vertical Pod Autoscaling configuration. |
shieldedNodes |
Shielded Nodes configuration. |
releaseChannel |
Release channel configuration. |
workloadIdentityConfig |
Configuration for the use of Kubernetes Service Accounts in GCP IAM policies. |
clusterTelemetry |
Telemetry integration for the cluster. |
tpuConfig |
Configuration for Cloud TPU support. |
notificationConfig |
Notification configuration of the cluster. |
confidentialNodes |
Configuration of Confidential Nodes. |
selfLink |
[Output only] Server-defined URL for the resource. |
zone |
[Output only] The name of the Google Compute Engine zone in which the cluster resides. This field is deprecated, use location instead. |
endpoint |
[Output only] The IP address of this cluster's master endpoint. The endpoint can be accessed from the internet at See the |
initialClusterVersion |
The initial Kubernetes version for this cluster. Valid versions are those found in validMasterVersions returned by getServerConfig. The version can be upgraded over time; such upgrades are reflected in currentMasterVersion and currentNodeVersion. Users may specify either explicit versions offered by Kubernetes Engine or version aliases, which have the following behavior:
|
currentMasterVersion |
[Output only] The current software version of the master endpoint. |
currentNodeVersion |
[Output only] Deprecated, use NodePool.version instead. The current version of the node software components. If they are currently at multiple versions because they're in the process of being upgraded, this reflects the minimum version of all nodes. |
createTime |
[Output only] The time the cluster was created, in RFC3339 text format. |
status |
[Output only] The current status of this cluster. |
statusMessage |
[Output only] Deprecated. Use conditions instead. Additional information about the current status of this cluster, if available. |
nodeIpv4CidrSize |
[Output only] The size of the address space on each node for hosting containers. This is provisioned from within the |
servicesIpv4Cidr |
[Output only] The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. |
instanceGroupUrls[] |
Deprecated. Use nodePools.instance_group_urls. |
currentNodeCount |
[Output only] The number of nodes currently in the cluster. Deprecated. Call Kubernetes API directly to retrieve node information. |
expireTime |
[Output only] The time the cluster will be automatically deleted in RFC3339 text format. |
location |
[Output only] The name of the Google Compute Engine zone or region in which the cluster resides. |
enableTpu |
Enable the ability to use Cloud TPUs in this cluster. This field is deprecated, use tpuConfig.enabled instead. |
tpuIpv4CidrBlock |
[Output only] The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. |
databaseEncryption |
Configuration of etcd encryption. |
conditions[] |
Which conditions caused the current cluster state. |
master |
Configuration for master components. |
MasterAuth
The authentication information for accessing the master endpoint. Authentication can be done using HTTP basic auth or using client certificates.
JSON representation | |
---|---|
{
"username": string,
"password": string,
"clientCertificateConfig": {
object ( |
Fields | |
---|---|
username |
The username to use for HTTP basic authentication to the master endpoint. For clusters v1.6.0 and later, basic authentication can be disabled by leaving username unspecified (or setting it to the empty string). Warning: basic authentication is deprecated, and will be removed in GKE control plane versions 1.19 and newer. For a list of recommended authentication methods, see: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication |
password |
The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password. If a password is provided for cluster creation, username must be non-empty. Warning: basic authentication is deprecated, and will be removed in GKE control plane versions 1.19 and newer. For a list of recommended authentication methods, see: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication |
clientCertificateConfig |
Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued. |
clusterCaCertificate |
[Output only] Base64-encoded public certificate that is the root of trust for the cluster. |
clientCertificate |
[Output only] Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. |
clientKey |
[Output only] Base64-encoded private key used by clients to authenticate to the cluster endpoint. |
ClientCertificateConfig
Configuration for client certificates on the cluster.
JSON representation | |
---|---|
{ "issueClientCertificate": boolean } |
Fields | |
---|---|
issueClientCertificate |
Whether to issue a client certificate for the cluster. |
AddonsConfig
Configuration for the addons that can be automatically spun up in the cluster, enabling additional functionality.
JSON representation | |
---|---|
{ "httpLoadBalancing": { object ( |
Fields | |
---|---|
httpLoadBalancing |
Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. |
horizontalPodAutoscaling |
Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. |
kubernetesDashboard |
Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. For more information, see: https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards |
networkPolicyConfig |
Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the master; it does not track whether network policy is enabled for the nodes (see the cluster-level networkPolicy field for that). |
istioConfig |
Configuration for Istio, an open platform to connect, manage, and secure microservices. |
cloudRunConfig |
Configuration for the Cloud Run addon. The |
dnsCacheConfig |
Configuration for NodeLocal DNSCache, a DNS cache running on cluster nodes. |
configConnectorConfig |
Configuration for the Config Connector add-on, a Kubernetes extension to manage hosted GCP services through the Kubernetes API. |
gcePersistentDiskCsiDriverConfig |
Configuration for the Compute Engine Persistent Disk CSI driver. |
kalmConfig |
Configuration for the KALM addon, which manages the lifecycle of k8s applications. |
HttpLoadBalancing
Configuration options for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.
JSON representation | |
---|---|
{ "disabled": boolean } |
Fields | |
---|---|
disabled |
Set to true to disable the HTTP Load Balancing controller addon in the cluster. When the addon is enabled (disabled is false), it runs a small pod in the cluster that manages the load balancers. |
HorizontalPodAutoscaling
Configuration options for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.
JSON representation | |
---|---|
{ "disabled": boolean } |
Fields | |
---|---|
disabled |
Set to true to disable the Horizontal Pod Autoscaling feature in the cluster. When the feature is enabled (disabled is false), it ensures that metrics are collected into Stackdriver Monitoring. |
KubernetesDashboard
Configuration for the Kubernetes Dashboard.
JSON representation | |
---|---|
{ "disabled": boolean } |
Fields | |
---|---|
disabled |
Set to true to disable the Kubernetes Dashboard for this cluster. |
NetworkPolicyConfig
Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the master; it does not track whether network policy is enabled for the nodes (see the cluster-level networkPolicy field for that).
JSON representation | |
---|---|
{ "disabled": boolean } |
Fields | |
---|---|
disabled |
Set to true to disable the NetworkPolicy addon on the master for this cluster. |
IstioConfig
Configuration options for Istio addon.
JSON representation | |
---|---|
{
"disabled": boolean,
"auth": enum ( |
Fields | |
---|---|
disabled |
Set to true to disable Istio for this cluster. |
auth |
The specified Istio auth mode, either none, or mutual TLS. |
IstioAuthMode
Istio auth mode, https://istio.io/docs/concepts/security/mutual-tls.html
Enums | |
---|---|
AUTH_NONE |
Auth not enabled. |
AUTH_MUTUAL_TLS |
Mutual TLS auth enabled. |
CloudRunConfig
Configuration options for the Cloud Run feature.
JSON representation | |
---|---|
{
"disabled": boolean,
"loadBalancerType": enum ( |
Fields | |
---|---|
disabled |
Set to true to disable the Cloud Run addon for this cluster. |
loadBalancerType |
Which load balancer type is installed for Cloud Run. |
LoadBalancerType
Load balancer type of ingress service of Cloud Run.
Enums | |
---|---|
LOAD_BALANCER_TYPE_UNSPECIFIED |
Load balancer type for Cloud Run is unspecified. |
LOAD_BALANCER_TYPE_EXTERNAL |
Install external load balancer for Cloud Run. |
LOAD_BALANCER_TYPE_INTERNAL |
Install internal load balancer for Cloud Run. |
DnsCacheConfig
Configuration for NodeLocal DNSCache
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether NodeLocal DNSCache is enabled for this cluster. |
ConfigConnectorConfig
Configuration options for the Config Connector add-on.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether Config Connector is enabled for this cluster. |
GcePersistentDiskCsiDriverConfig
Configuration for the Compute Engine PD CSI driver.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether the Compute Engine PD CSI driver is enabled for this cluster. |
KalmConfig
Configuration options for the KALM addon.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether KALM is enabled for this cluster. |
LegacyAbac
Configuration for the legacy Attribute Based Access Control authorization mode.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. |
NetworkPolicy
Configuration options for the NetworkPolicy feature. https://kubernetes.io/docs/concepts/services-networking/networkpolicies/
JSON representation | |
---|---|
{
"provider": enum ( |
Fields | |
---|---|
provider |
The selected network policy provider. |
enabled |
Whether network policy is enabled on the cluster. |
Provider
Allowed Network Policy providers.
Enums | |
---|---|
PROVIDER_UNSPECIFIED |
Not set |
CALICO |
Tigera (Calico Felix). |
IPAllocationPolicy
Configuration for controlling how IPs are allocated in the cluster.
JSON representation | |
---|---|
{ "useIpAliases": boolean, "createSubnetwork": boolean, "subnetworkName": string, "clusterIpv4Cidr": string, "nodeIpv4Cidr": string, "servicesIpv4Cidr": string, "clusterSecondaryRangeName": string, "servicesSecondaryRangeName": string, "clusterIpv4CidrBlock": string, "nodeIpv4CidrBlock": string, "servicesIpv4CidrBlock": string, "allowRouteOverlap": boolean, "tpuIpv4CidrBlock": string, "useRoutes": boolean } |
Fields | |
---|---|
useIpAliases |
Whether alias IPs will be used for pod IPs in the cluster. This is used in conjunction with useRoutes. It cannot be true if useRoutes is true. If both useIpAliases and useRoutes are false, then the server picks the default IP allocation mode. |
createSubnetwork |
Whether a new subnetwork will be created automatically for the cluster. This field is only applicable when |
subnetworkName |
A custom subnetwork name to be used if |
clusterIpv4Cidr |
This field is deprecated, use clusterIpv4CidrBlock. |
nodeIpv4Cidr |
This field is deprecated, use nodeIpv4CidrBlock. |
servicesIpv4Cidr |
This field is deprecated, use servicesIpv4CidrBlock. |
clusterSecondaryRangeName |
The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork. This field is only applicable when useIpAliases is true and createSubnetwork is false. |
servicesSecondaryRangeName |
The name of the secondary range to be used for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork. This field is only applicable when useIpAliases is true and createSubnetwork is false. |
clusterIpv4CidrBlock |
The IP address range for the cluster pod IPs. If this field is set, then This field is only applicable when Set to blank to have a range chosen with the default size. Set to /netmask (e.g. Set to a CIDR notation (e.g. |
nodeIpv4CidrBlock |
The IP address range of the instance IPs in this cluster. This is applicable only if Set to blank to have a range chosen with the default size. Set to /netmask (e.g. Set to a CIDR notation (e.g. |
servicesIpv4CidrBlock |
The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size. This field is only applicable when Set to blank to have a range chosen with the default size. Set to /netmask (e.g. Set to a CIDR notation (e.g. |
allowRouteOverlap |
If true, allow allocation of cluster CIDR ranges that overlap with certain kinds of network routes. By default we do not allow cluster CIDR ranges to intersect with any user declared routes. With allowRouteOverlap == true, we allow overlapping with CIDR ranges that are larger than the cluster CIDR range. If this field is set to true, then cluster and services CIDRs must be fully-specified (e.g. |
tpuIpv4CidrBlock |
The IP address range of the Cloud TPUs in this cluster. If unspecified, a range will be automatically chosen with the default size. This field is only applicable when If unspecified, the range will use the default size. Set to /netmask (e.g. Set to a CIDR notation (e.g. |
useRoutes |
Whether routes will be used for pod IPs in the cluster. This is used in conjunction with useIpAliases. It cannot be true if useIpAliases is true. If both useIpAliases and useRoutes are false, then the server picks the default IP allocation mode. |
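The constraints in this section (useIpAliases and useRoutes are mutually exclusive; each CIDR field is blank, a bare /netmask, or a full CIDR; allowRouteOverlap requires fully specified cluster and services CIDRs and only tolerates routes larger than the pod range; the master range must not overlap any other range in the cluster's network) are easy to get wrong in a request body and are only reported once the create call fails. The Python validator below is an added example, not code from the GKE documentation or Google's client libraries: it checks an IPAllocationPolicy dict offline before it is sent. The sample policy, the master CIDR and the route list are constructed for the demo, and the function names are this example's own.

```python
"""Validate a GKE IPAllocationPolicy before sending it in a cluster create request.

Added example; not code from the GKE docs or the Google client libraries.
It enforces the constraints stated on the page: useIpAliases and useRoutes
are mutually exclusive; each *CidrBlock field is blank, "/netmask" or full
CIDR notation; allowRouteOverlap requires fully specified cluster and
services CIDRs and only tolerates routes larger than the pod range; and the
pod, services, node, TPU and (optional) master ranges must not overlap.
The sample policy and routes are constructed for this demo.
"""
import ipaddress
import re

NETMASK_ONLY = re.compile(r"^/(\d{1,2})$")
CIDR_FIELDS = ("clusterIpv4CidrBlock", "servicesIpv4CidrBlock",
               "nodeIpv4CidrBlock", "tpuIpv4CidrBlock")


def classify_cidr_field(value):
    """Return ("blank", None), ("netmask", bits) or ("cidr", network)."""
    if not value:
        return "blank", None
    m = NETMASK_ONLY.match(value)
    if m:
        bits = int(m.group(1))
        if not 0 < bits <= 32:
            raise ValueError(f"netmask length out of range: {value}")
        return "netmask", bits
    # strict=True rejects "10.4.0.1/14": host bits must be zero in a range.
    return "cidr", ipaddress.ip_network(value, strict=True)


def validate_ip_allocation_policy(policy, master_ipv4_cidr_block=None, user_routes=()):
    """Return a list of problem strings; an empty list means the policy is acceptable."""
    problems = []
    if policy.get("useIpAliases") and policy.get("useRoutes"):
        problems.append("useIpAliases and useRoutes cannot both be true")

    ranges = {}  # field -> ip_network, for fully specified ranges only
    for field in CIDR_FIELDS:
        try:
            kind, parsed = classify_cidr_field(policy.get(field))
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        if kind == "cidr":
            ranges[field] = parsed
    if master_ipv4_cidr_block:
        try:
            ranges["masterIpv4CidrBlock"] = ipaddress.ip_network(master_ipv4_cidr_block, strict=True)
        except ValueError as exc:
            problems.append(f"masterIpv4CidrBlock: {exc}")

    overlap_ok = bool(policy.get("allowRouteOverlap"))
    if overlap_ok:
        for field in ("clusterIpv4CidrBlock", "servicesIpv4CidrBlock"):
            if field not in ranges:
                problems.append(f"allowRouteOverlap=true requires a fully specified {field}")

    # No two cluster-owned ranges may intersect (the master range "must not
    # overlap with any other ranges in use within the cluster's network").
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a].overlaps(ranges[b]):
                problems.append(f"{a} {ranges[a]} overlaps {b} {ranges[b]}")

    # User-declared routes: by default no intersection with the pod range; with
    # allowRouteOverlap only routes *larger* than the pod range are tolerated.
    pods = ranges.get("clusterIpv4CidrBlock")
    for route in (user_routes if pods is not None else ()):
        net = ipaddress.ip_network(route, strict=False)
        if pods.overlaps(net) and not (overlap_ok and net.prefixlen < pods.prefixlen):
            problems.append(f"clusterIpv4CidrBlock {pods} intersects route {net}")
    return problems


# Constructed sample: VPC-native layout with non-overlapping secondary ranges.
SAMPLE_POLICY = {
    "useIpAliases": True,
    "clusterIpv4CidrBlock": "10.4.0.0/14",     # pods
    "servicesIpv4CidrBlock": "10.0.32.0/20",   # services
    "nodeIpv4CidrBlock": "10.0.0.0/22",        # nodes
    "tpuIpv4CidrBlock": "/20",                 # let the server pick a /20
}

if __name__ == "__main__":
    print(validate_ip_allocation_policy(SAMPLE_POLICY, "172.16.0.0/28"))
    print(validate_ip_allocation_policy(SAMPLE_POLICY, "172.16.0.0/28",
                                        user_routes=["10.0.0.0/8"]))
```

The `strict=True` parse is deliberate: a range with host bits set (10.4.0.1/14) is almost always a typo for the network address, and rejecting it locally is cheaper than waiting for the API to do so. The route check models only the rule the page states; it does not know about routes the VPC creates implicitly.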
MasterAuthorizedNetworksConfig
Configuration options for the master authorized networks feature. When enabled, master authorized networks disallows all external HTTPS traffic to the Kubernetes master except traffic from the given CIDR blocks, Google Compute Engine public IPs and Google production IPs.
JSON representation | |
---|---|
{
"enabled": boolean,
"cidrBlocks": [
{
object ( |
Fields | |
---|---|
enabled |
Whether or not master authorized networks is enabled. |
cidrBlocks[] |
cidrBlocks define up to 10 external networks that could access Kubernetes master through HTTPS. |
CidrBlock
CidrBlock contains an optional name and one CIDR block.
JSON representation | |
---|---|
{ "displayName": string, "cidrBlock": string } |
Fields | |
---|---|
displayName |
displayName is an optional field for users to identify CIDR blocks. |
cidrBlock |
cidrBlock must be specified in CIDR notation. |
MaintenancePolicy
MaintenancePolicy defines the maintenance policy to be used for the cluster.
JSON representation | |
---|---|
{
"window": {
object ( |
Fields | |
---|---|
window |
Specifies the maintenance window in which maintenance may be performed. |
resourceVersion |
A hash identifying the version of this policy, so that updates to fields of the policy won't accidentally undo intermediate changes (and so that users of the API unaware of some fields won't accidentally remove other fields). Make a |
MaintenanceWindow
MaintenanceWindow defines the maintenance window to be used for the cluster.
JSON representation | |
---|---|
{ "maintenanceExclusions": { string: { object ( |
Fields | ||
---|---|---|
maintenanceExclusions |
Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows. An object containing a list of |
Union field policy. policy can be only one of the following (an hourly window, HourlyMaintenanceWindow, is unimplemented and reserved for future use): |
dailyMaintenanceWindow |
DailyMaintenanceWindow specifies a daily maintenance operation window. |
recurringWindow |
RecurringWindow specifies some number of recurring time periods for maintenance to occur. The time windows may be overlapping. If no maintenance windows are set, maintenance can occur at any time. |
DailyMaintenanceWindow
Time window specified for daily maintenance operations.
JSON representation | |
---|---|
{ "startTime": string, "duration": string } |
Fields | |
---|---|
startTime |
Time within the maintenance window to start the maintenance operations. It must be in the format "HH:MM", where HH is [00-23] and MM is [00-59], in GMT. |
duration |
[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario. |
RecurringTimeWindow
Represents an arbitrary window of time that recurs.
JSON representation | |
---|---|
{
"window": {
object ( |
Fields | |
---|---|
window |
The window of the first recurrence. |
recurrence |
An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how this window recurs. They go on for the span of time between the start and end time. For example, to have something repeat every weekday, you'd use: To repeat some window daily (equivalent to the DailyMaintenanceWindow): For the first weekend of every month: This specifies how frequently the window starts. E.g., if you wanted to have a 9-5 UTC-4 window every weekday, you'd use something like:
Windows can span multiple days. E.g., to make the window encompass every weekend from midnight Saturday till the last minute of Sunday UTC:
Note that the start and end time's specific dates are largely arbitrary except to specify the duration of the window and when it first starts. The FREQ values of HOURLY, MINUTELY, and SECONDLY are not supported. |
TimeWindow
Represents an arbitrary window of time.
JSON representation | |
---|---|
{ "startTime": string, "endTime": string } |
Fields | |
---|---|
startTime |
The time that the window first starts. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
endTime |
The time that the window ends. The end time should take place after the start time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
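A RecurringTimeWindow is a TimeWindow (which fixes the first start and the duration) plus an RRULE (which fixes how often that window starts). The Python below, added here as an example and not code from the GKE documentation, applies the rules stated above (RFC3339 UTC "Zulu" timestamps, endTime after startTime, no HOURLY/MINUTELY/SECONDLY frequencies) and expands the FREQ=DAILY and FREQ=WEEKLY;BYDAY=... subset of RRULE into concrete occurrences so a change to a window can be reviewed before it is applied. Other RRULE parts are refused rather than silently ignored. The window dicts and RRULE strings are constructed for the demo; they are not the examples elided from the page above.

```python
"""Validate and expand a GKE RecurringTimeWindow (TimeWindow + RRULE).

Added example; not code from the GKE docs. It applies the rules stated on the
page: TimeWindow timestamps are RFC3339 UTC "Zulu" strings, endTime must be
after startTime, and FREQ=HOURLY/MINUTELY/SECONDLY are rejected. It expands the
RRULE subset FREQ=DAILY or FREQ=WEEKLY with an optional BYDAY list (other RRULE
parts are refused rather than silently ignored) into (start, end) occurrences.
The windows and RRULE strings below are constructed for the demo.
"""
from datetime import datetime, timedelta, timezone

WEEKDAYS = {"MO": 0, "TU": 1, "WE": 2, "TH": 3, "FR": 4, "SA": 5, "SU": 6}
UNSUPPORTED_FREQ = {"HOURLY", "MINUTELY", "SECONDLY"}


def parse_rfc3339_utc(value):
    """Parse e.g. '2021-01-04T13:00:00Z', allowing up to nine fractional digits."""
    if not value.endswith("Z"):
        raise ValueError(f"expected RFC3339 UTC 'Z' suffix: {value!r}")
    body = value[:-1]
    if "." in body:  # fromisoformat() accepts at most six fractional digits
        whole, frac = body.split(".", 1)
        body = f"{whole}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(body).replace(tzinfo=timezone.utc)


def parse_rrule(rrule):
    """Return (freq, set of weekday numbers) for the supported RRULE subset."""
    parts = dict(p.split("=", 1) for p in rrule.split(";") if p)
    freq = parts.pop("FREQ", None)
    if freq in UNSUPPORTED_FREQ:
        raise ValueError(f"FREQ={freq} is not supported for maintenance windows")
    if freq not in ("DAILY", "WEEKLY"):
        raise ValueError(f"unsupported or missing FREQ in {rrule!r}")
    byday = set()
    for day in filter(None, parts.pop("BYDAY", "").split(",")):
        if day not in WEEKDAYS:
            raise ValueError(f"unknown BYDAY value {day!r}")
        byday.add(WEEKDAYS[day])
    if parts:
        raise ValueError(f"unhandled RRULE parts: {sorted(parts)}")
    return freq, byday


def occurrences(window, count):
    """First `count` (start, end) datetimes of a RecurringTimeWindow dict."""
    start = parse_rfc3339_utc(window["window"]["startTime"])
    end = parse_rfc3339_utc(window["window"]["endTime"])
    if end <= start:
        raise ValueError("endTime must be after startTime")
    freq, byday = parse_rrule(window["recurrence"])
    if freq == "WEEKLY" and not byday:
        byday = {start.weekday()}  # WEEKLY without BYDAY: same weekday as startTime
    duration = end - start  # the window's length; it may span several days
    result, day = [], start
    while len(result) < count:
        if not byday or day.weekday() in byday:
            result.append((day, day + duration))
        day += timedelta(days=1)
    return result


def problems(window):
    """Return validation messages instead of raising; an empty list means valid."""
    try:
        occurrences(window, 1)
    except (KeyError, ValueError) as exc:
        return [str(exc)]
    return []


# Constructed samples: a 9-5 UTC-4 (13:00-21:00 UTC) weekday window, and a
# window covering every weekend from Saturday 00:00 to Sunday 23:59 UTC.
WEEKDAY_WINDOW = {
    "window": {"startTime": "2021-01-04T13:00:00Z", "endTime": "2021-01-04T21:00:00Z"},
    "recurrence": "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR",
}
WEEKEND_WINDOW = {
    "window": {"startTime": "2021-01-02T00:00:00Z", "endTime": "2021-01-03T23:59:00Z"},
    "recurrence": "FREQ=WEEKLY;BYDAY=SA",
}

if __name__ == "__main__":
    for s, e in occurrences(WEEKDAY_WINDOW, 6):
        print(s.isoformat(), "->", e.isoformat())
    print(problems({"window": WEEKDAY_WINDOW["window"], "recurrence": "FREQ=HOURLY"}))
```

Note that the weekend window's duration is almost 48 hours, so each occurrence ends on the following day; that is exactly the multi-day behaviour the field description allows, and printing the expansion is the quickest way to confirm the window you meant is the window you configured.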
BinaryAuthorization
Configuration for Binary Authorization.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Binary Authorization (Binauthz). |
PodSecurityPolicyConfig
Configuration for the PodSecurityPolicy feature.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. |
ClusterAutoscaling
ClusterAutoscaling contains global, per-cluster information required by Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs.
JSON representation | |
---|---|
{ "enableNodeAutoprovisioning": boolean, "resourceLimits": [ { object ( |
Fields | |
---|---|
enableNodeAutoprovisioning |
Enables automatic node pool creation and deletion. |
resourceLimits[] |
Contains global constraints regarding minimum and maximum amount of resources in the cluster. |
autoscalingProfile |
Defines autoscaling behaviour. |
autoprovisioningNodePoolDefaults |
AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP. |
autoprovisioningLocations[] |
The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. |
ResourceLimit
Contains information about amount of some resource in the cluster. For memory, value should be in GB.
JSON representation | |
---|---|
{ "resourceType": string, "minimum": string, "maximum": string } |
Fields | |
---|---|
resourceType |
Resource name "cpu", "memory" or gpu-specific string. |
minimum |
Minimum amount of the resource in the cluster. |
maximum |
Maximum amount of the resource in the cluster. |
AutoscalingProfile
Defines possible options for autoscalingProfile field.
Enums | |
---|---|
PROFILE_UNSPECIFIED |
No change to autoscaling configuration. |
OPTIMIZE_UTILIZATION |
Prioritize optimizing utilization of resources. |
BALANCED |
Use default (balanced) autoscaling configuration. |
AutoprovisioningNodePoolDefaults
AutoprovisioningNodePoolDefaults contains defaults for a node pool created by NAP.
JSON representation | |
---|---|
{ "oauthScopes": [ string ], "serviceAccount": string, "upgradeSettings": { object ( |
Fields | |
---|---|
oauthScopes[] |
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included:
If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added. |
serviceAccount |
The Google Cloud Platform Service Account to be used by the node VMs. Specify the email address of the Service Account; otherwise, if no Service Account is specified, the "default" service account is used. |
upgradeSettings |
Upgrade settings control disruption and speed of the upgrade. |
management |
NodeManagement configuration for this NodePool. |
minCpuPlatform |
Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as |
diskSizeGb |
Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB. |
diskType |
Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced') If unspecified, the default disk type is 'pd-standard' |
shieldedInstanceConfig |
Shielded Instance options. |
bootDiskKmsKey |
The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption |
NetworkConfig
NetworkConfig reports the relative names of network & subnetwork.
JSON representation | |
---|---|
{ "network": string, "subnetwork": string, "enableIntraNodeVisibility": boolean, "defaultSnatStatus": { object ( |
Fields | |
---|---|
network |
Output only. The relative name of the Google Compute Engine |
subnetwork |
Output only. The relative name of the Google Compute Engine subnetwork to which the cluster is connected. Example: projects/my-project/regions/us-central1/subnetworks/my-subnet |
enableIntraNodeVisibility |
Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network. |
defaultSnatStatus |
Whether the cluster disables the default in-node SNAT rules. When defaultSnatStatus.disabled is true, the in-node SNAT rules are not applied. When disabled is false, the default IP masquerade rules are applied to the nodes, which prevents SNAT of cluster-internal traffic. |
datapathProvider |
The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation. |
privateIpv6GoogleAccess |
The desired state of IPv6 connectivity to Google Services. By default, there is no private IPv6 access to or from Google Services (all access is via IPv4). |
DefaultSnatStatus
DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster.
JSON representation | |
---|---|
{ "disabled": boolean } |
Fields | |
---|---|
disabled |
Disables cluster default sNAT rules. |
DatapathProvider
The datapath provider selects the implementation of the Kubernetes networking model for service resolution and network policy enforcement.
Enums | |
---|---|
DATAPATH_PROVIDER_UNSPECIFIED |
Default value. |
LEGACY_DATAPATH |
Use the IPTables implementation based on kube-proxy. |
ADVANCED_DATAPATH |
Use the eBPF based GKE Dataplane V2 with additional features. See the GKE Dataplane V2 documentation for more. |
PrivateIPv6GoogleAccess
PrivateIPv6GoogleAccess controls whether and how the pods can communicate with Google Services through gRPC over IPv6.
Enums | |
---|---|
PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED |
Default value. Same as DISABLED. |
PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED |
No private access to or from Google Services |
PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE |
Enables private IPv6 access to Google Services from GKE. |
PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL |
Enables private IPv6 access to and from Google Services. |
ResourceUsageExportConfig
Configuration for exporting cluster resource usages.
JSON representation | |
---|---|
{ "bigqueryDestination": { object ( |
Fields | |
---|---|
bigqueryDestination |
Configuration to use BigQuery as usage export destination. |
enableNetworkEgressMetering |
Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. |
consumptionMeteringConfig |
Configuration to enable resource consumption metering. |
BigQueryDestination
Parameters for using BigQuery as the destination of resource usage export.
JSON representation | |
---|---|
{ "datasetId": string } |
Fields | |
---|---|
datasetId |
The ID of a BigQuery Dataset. |
ConsumptionMeteringConfig
Parameters for controlling consumption metering.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether to enable consumption metering for this cluster. If enabled, a second BigQuery table will be created to hold resource consumption records. |
AuthenticatorGroupsConfig
Configuration for returning group information from authenticators.
JSON representation | |
---|---|
{ "enabled": boolean, "securityGroup": string } |
Fields | |
---|---|
enabled |
Whether this cluster should return group membership lookups during authentication, using the group of security groups named in securityGroup. |
securityGroup |
The name of the security group-of-groups to be used. Only relevant if enabled = true. |
PrivateClusterConfig
Configuration options for private clusters.
JSON representation | |
---|---|
{
"enablePrivateNodes": boolean,
"enablePrivateEndpoint": boolean,
"masterIpv4CidrBlock": string,
"privateEndpoint": string,
"publicEndpoint": string,
"peeringName": string,
"masterGlobalAccessConfig": {
object ( |
Fields | |
---|---|
enablePrivateNodes |
Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking. |
enablePrivateEndpoint |
Whether the master's internal IP address is used as the cluster endpoint. |
masterIpv4CidrBlock |
The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network. |
privateEndpoint |
Output only. The internal IP address of this cluster's master endpoint. |
publicEndpoint |
Output only. The external IP address of this cluster's master endpoint. |
peeringName |
Output only. The peering name in the customer VPC used by this cluster. |
masterGlobalAccessConfig |
Controls master global access settings. |
PrivateClusterMasterGlobalAccessConfig
Configuration for controlling master global access settings.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether the master is accessible globally or not. |
VerticalPodAutoscaling
VerticalPodAutoscaling contains global, per-cluster information required by Vertical Pod Autoscaler to automatically adjust the resources of pods controlled by it.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Enables vertical pod autoscaling. |
ShieldedNodes
Configuration of Shielded Nodes feature.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether Shielded Nodes features are enabled on all nodes in this cluster. |
ReleaseChannel
ReleaseChannel indicates which release channel a cluster is subscribed to. Release channels are arranged in order of risk.
When a cluster is subscribed to a release channel, Google maintains both the master version and the node version. Node auto-upgrade defaults to true and cannot be disabled.
JSON representation | |
---|---|
{
"channel": enum ( |
Fields | |
---|---|
channel |
channel specifies which release channel the cluster is subscribed to. |
Channel
Possible values for 'channel'.
Enums | |
---|---|
UNSPECIFIED |
No channel specified. |
RAPID |
RAPID channel is offered on an early access basis for customers who want to test new releases. WARNING: Versions available in the RAPID Channel may be subject to unresolved issues with no known workaround and are not subject to any SLAs. |
REGULAR |
Clusters subscribed to REGULAR receive versions that are considered GA quality. REGULAR is intended for production users who want to take advantage of new features. |
STABLE |
Clusters subscribed to STABLE receive versions that are known to be stable and reliable in production. |
WorkloadIdentityConfig
Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.
JSON representation | |
---|---|
{ "identityNamespace": string, "workloadPool": string, "identityProvider": string } |
Fields | |
---|---|
identityNamespace |
IAM Identity Namespace to attach all Kubernetes Service Accounts to. |
workloadPool |
The workload pool to attach all Kubernetes service accounts to. |
identityProvider |
The third-party identity provider. |
ClusterTelemetry
Telemetry integration for the cluster.
JSON representation | |
---|---|
{
"type": enum ( |
Fields | |
---|---|
type |
Type of the integration. |
Type
Type of the integration.
Enums | |
---|---|
UNSPECIFIED |
Not set. |
DISABLED |
Monitoring integration is disabled. |
ENABLED |
Monitoring integration is enabled. |
SYSTEM_ONLY |
Only system components are monitored and logged. |
TpuConfig
Configuration for Cloud TPU.
JSON representation | |
---|---|
{ "enabled": boolean, "useServiceNetworking": boolean, "ipv4CidrBlock": string } |
Fields | |
---|---|
enabled |
Whether Cloud TPU integration is enabled or not. |
useServiceNetworking |
Whether to use service networking for Cloud TPU or not. |
ipv4CidrBlock |
IPv4 CIDR block reserved for Cloud TPU in the VPC. |
NotificationConfig
NotificationConfig is the configuration of notifications.
JSON representation | |
---|---|
{
"pubsub": {
object ( |
Fields | |
---|---|
pubsub |
Notification config for Pub/Sub. |
Pub/Sub
Pub/Sub specific notification config.
JSON representation | |
---|---|
{ "enabled": boolean, "topic": string } |
Fields | |
---|---|
enabled |
Enable notifications for Pub/Sub. |
topic |
The desired Pub/Sub topic to which notifications will be sent by GKE. Format is |
ConfidentialNodes
ConfidentialNodes is configuration for the confidential nodes feature, which makes nodes run on confidential VMs.
JSON representation | |
---|---|
{ "enabled": boolean } |
Fields | |
---|---|
enabled |
Whether Confidential Nodes feature is enabled for all nodes in this cluster. |
Status
The current status of the cluster.
Enums | |
---|---|
STATUS_UNSPECIFIED |
Not set. |
PROVISIONING |
The PROVISIONING state indicates the cluster is being created. |
RUNNING |
The RUNNING state indicates the cluster has been created and is fully usable. |
RECONCILING |
The RECONCILING state indicates that some work is actively being done on the cluster, such as upgrading the master or node software. Details can be found in the statusMessage field. |
STOPPING |
The STOPPING state indicates the cluster is being deleted. |
ERROR |
The ERROR state indicates the cluster may be unusable. Details can be found in the statusMessage field. |
DEGRADED |
The DEGRADED state indicates the cluster requires user action to restore full functionality. Details can be found in the statusMessage field. |
DatabaseEncryption
Configuration of etcd encryption.
JSON representation | |
---|---|
{
"state": enum ( |
Fields | |
---|---|
state |
Denotes the state of etcd encryption. |
keyName |
Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key |
State
State of etcd encryption.
Enums | |
---|---|
UNKNOWN |
Should never be set |
ENCRYPTED |
Secrets in etcd are encrypted. |
DECRYPTED |
Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption. |
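The PrivateClusterConfig, ShieldedNodes, WorkloadIdentityConfig, ReleaseChannel, DatapathProvider, AuthenticatorGroupsConfig and DatabaseEncryption fields above are the settings a reviewer checks first when auditing a cluster resource. The Python below is added here as an example and is not part of the GKE API or its client libraries: it audits a Cluster JSON document (the shape the get method returns) against those fields, validates masterIpv4CidrBlock against a list of ranges already in use in the VPC, and checks keyName against the documented CloudKMS resource-name format. The two sample clusters, the in-use VPC ranges, and the workload-pool and security-group values are constructed for illustration.

```python
"""Audit a GKE Cluster resource (the JSON the get method returns) against the
security-relevant fields documented on this page.  Added example, not GKE API
client code; sample clusters, VPC ranges and identity values are constructed."""
import ipaddress
import re

# Shape of DatabaseEncryption.keyName, from the documented example
# projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
KMS_KEY_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$")


def check_master_cidr(block: str, in_use: list[str]) -> list[str]:
    """masterIpv4CidrBlock must be a valid network and overlap no in-use range."""
    try:
        master = ipaddress.ip_network(block, strict=True)  # rejects host bits
    except ValueError as exc:
        return [f"masterIpv4CidrBlock {block!r} is not a valid CIDR: {exc}"]
    return [f"masterIpv4CidrBlock {block} overlaps in-use range {rng}"
            for rng in in_use
            if master.overlaps(ipaddress.ip_network(rng, strict=False))]


def audit_cluster(cluster: dict, in_use_ranges: list[str]) -> list[str]:
    """Return findings; empty means every control checked here is hardened."""
    f: list[str] = []
    pcc = cluster.get("privateClusterConfig") or {}  # absent == public defaults
    if not pcc.get("enablePrivateNodes"):
        f.append("nodes have external addresses (privateClusterConfig.enablePrivateNodes != true)")
    if not pcc.get("enablePrivateEndpoint"):
        f.append(f"master served on public endpoint {pcc.get('publicEndpoint', '<unknown>')} "
                 "(enablePrivateEndpoint != true)")
    if (pcc.get("masterGlobalAccessConfig") or {}).get("enabled"):
        f.append("masterGlobalAccessConfig.enabled: private endpoint reachable from any region")
    if pcc.get("masterIpv4CidrBlock"):
        f.extend(check_master_cidr(pcc["masterIpv4CidrBlock"], in_use_ranges))
    if not (cluster.get("shieldedNodes") or {}).get("enabled"):
        f.append("shieldedNodes.enabled is not true")
    wi = cluster.get("workloadIdentityConfig") or {}
    if not (wi.get("workloadPool") or wi.get("identityNamespace")):
        f.append("workloadIdentityConfig.workloadPool is not set")
    enc = cluster.get("databaseEncryption") or {}
    state = enc.get("state", "UNKNOWN")
    if state != "ENCRYPTED":
        f.append(f"secrets in etcd stored in plain text at etcd level (databaseEncryption.state={state})")
    elif not KMS_KEY_RE.match(enc.get("keyName", "")):
        f.append(f"databaseEncryption.keyName {enc.get('keyName')!r} is not a CloudKMS key resource name")
    channel = (cluster.get("releaseChannel") or {}).get("channel", "UNSPECIFIED")
    if channel == "UNSPECIFIED":
        f.append("not subscribed to a release channel (releaseChannel.channel=UNSPECIFIED)")
    elif channel == "RAPID":
        f.append("releaseChannel RAPID: versions may carry unresolved issues and no SLA")
    dp = (cluster.get("networkConfig") or {}).get("datapathProvider", "DATAPATH_PROVIDER_UNSPECIFIED")
    if dp != "ADVANCED_DATAPATH":  # unspecified means the iptables kube-proxy default
        f.append(f"network policy enforced by the iptables kube-proxy datapath (datapathProvider={dp})")
    ag = cluster.get("authenticatorGroupsConfig") or {}
    if ag.get("enabled") and not ag.get("securityGroup"):
        f.append("authenticatorGroupsConfig.enabled is true but securityGroup is not set")
    if cluster.get("status") in ("ERROR", "DEGRADED"):
        f.append(f"status {cluster['status']}: {cluster.get('statusMessage', '(no statusMessage)')}")
    return f


# Constructed sample: a cluster left at its public defaults.
WEAK_CLUSTER = {
    "name": "dev-cluster", "status": "RUNNING",
    "privateClusterConfig": {"enablePrivateNodes": False, "enablePrivateEndpoint": False,
                             "masterIpv4CidrBlock": "10.0.0.0/28", "publicEndpoint": "203.0.113.10"},
    "databaseEncryption": {"state": "DECRYPTED"},
    "releaseChannel": {"channel": "UNSPECIFIED"},
    "authenticatorGroupsConfig": {"enabled": True},
}

# Constructed sample: every control above turned on (pool and group values are placeholders).
HARDENED_CLUSTER = {
    "name": "prod-cluster", "status": "RUNNING",
    "privateClusterConfig": {"enablePrivateNodes": True, "enablePrivateEndpoint": True,
                             "masterIpv4CidrBlock": "172.16.0.0/28", "privateEndpoint": "172.16.0.2",
                             "masterGlobalAccessConfig": {"enabled": False}},
    "shieldedNodes": {"enabled": True},
    "workloadIdentityConfig": {"workloadPool": "my-project.svc.id.goog"},
    "databaseEncryption": {"state": "ENCRYPTED",
                           "keyName": "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"},
    "releaseChannel": {"channel": "REGULAR"},
    "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"},
    "authenticatorGroupsConfig": {"enabled": True, "securityGroup": "gke-security-groups@example.com"},
}

IN_USE_RANGES = ["10.0.0.0/8", "172.16.1.0/24"]  # constructed; the weak master range collides

if __name__ == "__main__":
    for c in (WEAK_CLUSTER, HARDENED_CLUSTER):
        findings = audit_cluster(c, IN_USE_RANGES)
        print(f"{c['name']}: {len(findings)} finding(s)", *("  - " + x for x in findings), sep="\n")
```

Missing objects are treated as their documented defaults (no privateClusterConfig means public nodes and a public endpoint; no datapathProvider means the iptables kube-proxy implementation), so the audit gives the same answer whether a field was omitted or explicitly set to its default. Run it against the output of the get method to list what still needs to be set before a cluster is treated as hardened.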
Master
Master is the configuration for components on the master.
Methods | |
---|---|
| | Completes master IP rotation. |
| | Creates a cluster, consisting of the specified number and type of Google Compute Engine instances. |
| | Deletes the cluster, including the Kubernetes endpoint and all worker nodes. |
| | Gets the details for a specific cluster. |
| | Gets the public component of the cluster signing keys in JSON Web Key format. |
| | Lists all clusters owned by a project in either the specified zone or all zones. |
| | Sets the addons for a specific cluster. |
| | Enables or disables the ABAC authorization mechanism on a cluster. |
| (deprecated) | Sets the locations for a specific cluster. |
| | Sets the logging service for a specific cluster. |
| | Sets the maintenance policy for a cluster. |
| | Sets master auth materials. |
| | Sets the monitoring service for a specific cluster. |
| | Enables or disables Network Policy for a cluster. |
| | Sets labels on a cluster. |
| | Starts master IP rotation. |
| | Updates the settings for a specific cluster. |
| | Updates the master for a specific cluster. |