apiVersion (string)
container.gcp.gke.cloud.google.com/v1beta1
spec (object)
ClusterSpec defines the desired state of Cluster
deletionPolicy (string)
DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
forProvider (object)
No description provided.
addonsConfig (array)
The configuration for addons supported by GKE. Structure is documented below.
cloudrunConfig (array)
Structure is documented below.
disabled (boolean)
The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
loadBalancerType (string)
The load balancer type of the CloudRun ingress service. It is an external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as an internal load balancer.
configConnectorConfig (array)
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
enabled (boolean)
Enables vertical pod autoscaling
dnsCacheConfig (array)
The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.
enabled (boolean)
Enables vertical pod autoscaling
gcePersistentDiskCsiDriverConfig (array)
Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.
enabled (boolean)
Enables vertical pod autoscaling
gcpFilestoreCsiDriverConfig (array)
The status of the Filestore CSI driver addon, which allows the use of Filestore instances as volumes. It is disabled by default; set enabled = true to enable.
enabled (boolean)
Enables vertical pod autoscaling
gkeBackupAgentConfig (array)
The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
enabled (boolean)
Enables vertical pod autoscaling
horizontalPodAutoscaling (array)
The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
disabled (boolean)
The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
httpLoadBalancing (array)
The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
disabled (boolean)
The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
networkPolicyConfig (array)
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
disabled (boolean)
The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
authenticatorGroupsConfig (array)
Configuration for the Google Groups for GKE feature. Structure is documented below.
securityGroup (string)
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
binaryAuthorization (array)
Configuration options for the Binary Authorization feature. Structure is documented below.
enabled (boolean)
(DEPRECATED) Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
evaluationMode (string)
Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.
clusterAutoscaling (array)
Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
autoProvisioningDefaults (array)
Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
bootDiskKmsKey (string)
The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
diskSize (number)
Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
diskType (string)
Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
imageType (string)
The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
management (array)
NodeManagement configuration for this NodePool. Structure is documented below.
autoRepair (boolean)
Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
autoUpgrade (boolean)
Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
oauthScopes (array)
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
serviceAccount (string)
The service account to be used by the Node VMs. If not specified, the "default" service account is used.
shieldedInstanceConfig (array)
Shielded Instance options. Structure is documented below.
enableIntegrityMonitoring (boolean)
Defines if the instance has integrity monitoring enabled.
enableSecureBoot (boolean)
Defines if the instance has Secure Boot enabled.
upgradeSettings (array)
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
blueGreenSettings (array)
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
nodePoolSoakDuration (string)
Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
standardRolloutPolicy (array)
green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
batchNodeCount (number)
Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
batchPercentage (number)
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
batchSoakDuration (string)
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
maxSurge (number)
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
maxUnavailable (number)
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
strategy (string)
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
enabled (boolean)
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
resourceLimits (array)
Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
maximum (number)
Maximum amount of the resource in the cluster.
minimum (number)
Minimum amount of the resource in the cluster.
resourceType (string)
The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
clusterIpv4Cidr (string)
The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.
confidentialNodes (array)
Configuration for the Confidential Nodes feature. Structure is documented below.
enabled (boolean)
Enable Confidential Nodes for this cluster.
costManagementConfig (array)
Configuration for the Cost Allocation feature. Structure is documented below.
enabled (boolean)
Whether to enable the cost allocation feature.
databaseEncryption (array)
Structure is documented below.
keyName (string)
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
state (string)
ENCRYPTED or DECRYPTED
datapathProvider (string)
The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.
defaultMaxPodsPerNode (number)
The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
defaultSnatStatus (array)
GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster (see the API doc). Structure is documented below.
disabled (boolean)
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
dnsConfig (array)
Configuration for Using Cloud DNS for GKE. Structure is documented below.
clusterDns (string)
Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
clusterDnsDomain (string)
The suffix used for all cluster service records.
clusterDnsScope (string)
The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
enableAutopilot (boolean)
Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
enableBinaryAuthorization (boolean)
(DEPRECATED) Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.
enableIntranodeVisibility (boolean)
Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
enableKubernetesAlpha (boolean)
Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
enableL4IlbSubsetting (boolean)
Whether L4ILB Subsetting is enabled for this cluster.
enableLegacyAbac (boolean)
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
enableShieldedNodes (boolean)
Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
enableTpu (boolean)
Whether to enable Cloud TPU resources in this cluster. See the official documentation.
gatewayApiConfig (array)
Configuration for GKE Gateway API controller. Structure is documented below.
channel (string)
Which Gateway API channel should be used. CHANNEL_DISABLED or CHANNEL_STANDARD.
initialNodeCount (number)
The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
ipAllocationPolicy (array)
Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
clusterIpv4CidrBlock (string)
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC 1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
clusterSecondaryRangeName (string)
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
servicesIpv4CidrBlock (string)
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC 1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
servicesSecondaryRangeName (string)
The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
location (string)
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
loggingConfig (array)
Logging configuration for the cluster. Structure is documented below.
enableComponents (array)
The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
loggingService (string)
The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
maintenancePolicy (array)
The maintenance policy to use for the cluster. Structure is documented below.
dailyMaintenanceWindow (array)
Structure is documented below.
startTime (string)
No description provided.
maintenanceExclusion (array)
Structure is documented below.
endTime (string)
No description provided.
exclusionName (string)
The name of the cluster, unique within the project and location.
exclusionOptions (array)
MaintenanceExclusionOptions provides maintenance exclusion related options.
scope (string)
The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES
startTime (string)
No description provided.
recurringWindow (array)
Structure is documented below.
endTime (string)
No description provided.
recurrence (string)
No description provided.
startTime (string)
No description provided.
masterAuth (array)
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
clientCertificateConfig (array)
Whether client certificate authorization is enabled for this cluster. For example:
issueClientCertificate (boolean)
No description provided.
masterAuthorizedNetworksConfig (array)
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
cidrBlocks (array)
External networks that can access the Kubernetes cluster master through HTTPS.
cidrBlock (string)
External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
displayName (string)
Field for users to identify CIDR blocks.
gcpPublicCidrsAccessEnabled (boolean)
Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
meshCertificates (array)
Structure is documented below.
enableCertificates (boolean)
Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
minMasterVersion (string)
The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). If you intend to specify versions manually, the docs describe the various acceptable formats for this field.
monitoringConfig (array)
Monitoring configuration for the cluster. Structure is documented below.
enableComponents (array)
The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)
managedPrometheus (array)
Configuration for Managed Service for Prometheus. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
monitoringService (string)
The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
network (string)
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
networkPolicy (array)
Configuration options for the NetworkPolicy feature. Structure is documented below.
enabled (boolean)
Whether network policy is enabled on the cluster.
provider (string)
The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
networkRef (object)
Reference to a Network in compute to populate network.
name (string)
Name of the referenced object.
policy (object)
Policies for referencing.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
networkSelector (object)
Selector for a Network in compute to populate network.
matchControllerRef (boolean)
MatchControllerRef ensures an object with the same controller reference as the selecting object is selected.
matchLabels (object)
MatchLabels ensures an object with matching labels is selected.
additionalProperties (string)
No description provided.
policy (object)
Policies for selection.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
networkingMode (string)
Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.
nodeConfig (array)
Parameters used in creating the default node pool. Structure is documented below.
bootDiskKmsKey (string)
The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
diskSizeGb (number)
Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
diskType (string)
Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
gcfsConfig (array)
Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
guestAccelerator (array)
List of the type and count of accelerator cards attached to the instance. Structure is documented below. This field is an Attribute as Block.
count (number)
The number of the guest accelerator cards exposed to this instance.
gpuPartitionSize (string)
Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
gpuSharingConfig (array)
Configuration for GPU sharing. Structure is documented below.
gpuSharingStrategy (string)
The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
maxSharedClientsPerGpu (number)
The maximum number of containers that can share a GPU.
type (string)
The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
gvnic (array)
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
imageType (string)
The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
kubeletConfig (array)
Kubelet configuration; currently supported attributes can be found here. Structure is documented below.
cpuCfsQuota (boolean)
If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
cpuCfsQuotaPeriod (string)
The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
cpuManagerPolicy (string)
The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.
podPidsLimit (number)
Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
labels (object)
The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
additionalProperties (string)
No description provided.
linuxNodeConfig (array)
Linux node configuration; currently supported attributes can be found here. Note that all validations happen server side. All attributes are optional. Structure is documented below.
sysctls (object)
The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.
additionalProperties (string)
No description provided.
localSsdCount (number)
The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
loggingVariant (string)
wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
machineType (string)
The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
nodeGroup (string)
Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
oauthScopes (array)
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
preemptible (boolean)
A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
reservationAffinity (array)
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
consumeReservationType (string)
The type of reservation consumption. Accepted values are:
key (string)
Key for taint.
resourceLabels (object)
The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
additionalProperties (string)
No description provided.
serviceAccount (string)
The service account to be used by the Node VMs. If not specified, the "default" service account is used.
shieldedInstanceConfig (array)
Shielded Instance options. Structure is documented below.
enableIntegrityMonitoring (boolean)
Defines if the instance has integrity monitoring enabled.
enableSecureBoot (boolean)
Defines if the instance has Secure Boot enabled.
spot (boolean)
A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
taint (array)
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
effect (string)
Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
key (string)
Key for taint.
value (string)
Value for taint.
nodeLocations (array)
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
nodePoolDefaults (array)
Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
nodeConfigDefaults (array)
Subset of NodeConfig message that has defaults.
loggingVariant (string)
The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
nodeVersion (string)
The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. To update nodes in other node pools, use the version attribute on the node pool.
notificationConfig (array)
Configuration for the cluster upgrade notifications feature. Structure is documented below.
pubsub (array)
The pubsub config for the cluster's upgrade notifications.
enabled (boolean)
Whether or not the notification config is enabled.
filter (array)
Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
eventType (array)
Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
topic (string)
The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/project/topics/topic.
privateClusterConfig (array)
Configuration for private clusters, clusters with private nodes. Structure is documented below.
enablePrivateEndpoint (boolean)
When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
enablePrivateNodes (boolean)
Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
masterGlobalAccessConfig (array)
Controls cluster master global access settings. Structure is documented below.
enabled (boolean)
Whether the cluster master is accessible globally or not.
masterIpv4CidrBlock (string)
The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
privateEndpointSubnetwork (string)
Subnetwork in cluster's network where master's endpoint will be provisioned.
privateIpv6GoogleAccess (string)
The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
project (string)
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
releaseChannel (array)
Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the google_container_engine_versions datasource can provide the default version for a channel. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
channel (string)
The selected release channel. Accepted values are:
removeDefaultNodePool (boolean)
If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
resourceLabels (object)
The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
additionalProperties (string)
No description provided.
resourceUsageExportConfig (array)
Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
bigqueryDestination (array)
Parameters for using BigQuery as the destination of resource usage export.
datasetId (string)
The ID of a BigQuery Dataset. For Example:
enableNetworkEgressMetering (boolean)
Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
enableResourceConsumptionMetering (boolean)
Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
serviceExternalIpsConfig (array)
Structure is documented below.
enabled (boolean)
Controls whether external ips specified by a service will be allowed. It is enabled by default.
subnetwork (string)
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
subnetworkRef (object)
Reference to a Subnetwork in compute to populate subnetwork.
name (string)
Name of the referenced object.
policy (object)
Policies for referencing.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
subnetworkSelector (object)
Selector for a Subnetwork in compute to populate subnetwork.
matchControllerRef (boolean)
MatchControllerRef ensures an object with the same controller reference as the selecting object is selected.
matchLabels (object)
MatchLabels ensures an object with matching labels is selected.
additionalProperties (string)
No description provided.
policy (object)
Policies for selection.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
verticalPodAutoscaling (array)
Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
workloadIdentityConfig (array)
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
workloadPool (string)
The workload pool to attach all Kubernetes service accounts to.
managementPolicy (string)
THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicy specifies the level of control Crossplane has over the managed external resource. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
providerConfigRef (object)
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
name (string)
Name of the referenced object.
policy (object)
Policies for referencing.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
providerRef (object)
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`
name (string)
Name of the referenced object.
policy (object)
Policies for referencing.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
publishConnectionDetailsTo (object)
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
configRef (object)
SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.
name (string)
Name of the referenced object.
policy (object)
Policies for referencing.
resolution (string)
Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.
resolve (string)
Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.
name (string)
Name is the name of the connection secret.
writeConnectionSecretToRef (object)
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
name (string)
Name of the secret.
namespace (string)
Namespace of the secret.
status (object)
ClusterStatus defines the observed state of Cluster.
atProvider (object)
No description provided.
addonsConfig (array)
The configuration for addons supported by GKE. Structure is documented below.
cloudrunConfig (array)
Structure is documented below.
disabled (boolean)
The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.
loadBalancerType (string)
The load balancer type of CloudRun ingress service. It is external load balancer by default. Set load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL to configure it as internal load balancer.
configConnectorConfig (array)
The status of the ConfigConnector addon. It is disabled by default; set enabled = true to enable.
enabled (boolean)
Whether the ConfigConnector addon is enabled.
dnsCacheConfig (array)
The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.
enabled (boolean)
Whether the NodeLocal DNSCache addon is enabled.
gcePersistentDiskCsiDriverConfig (array)
Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set enabled = true to enable.
enabled (boolean)
Whether the Google Compute Engine Persistent Disk CSI Driver is enabled.
gcpFilestoreCsiDriverConfig (array)
The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. It is disabled by default; set enabled = true to enable.
enabled (boolean)
Whether the Filestore CSI driver addon is enabled.
gkeBackupAgentConfig (array)
The status of the Backup for GKE agent addon. It is disabled by default; set enabled = true to enable.
enabled (boolean)
Whether the Backup for GKE agent addon is enabled.
horizontalPodAutoscaling (array)
The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It is enabled by default; set disabled = true to disable.
disabled (boolean)
Whether the Horizontal Pod Autoscaling addon is disabled.
httpLoadBalancing (array)
The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.
disabled (boolean)
Whether the HTTP (L7) load balancing controller addon is disabled.
networkPolicyConfig (array)
Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.
disabled (boolean)
Whether the network policy addon is disabled.
authenticatorGroupsConfig (array)
Configuration for the Google Groups for GKE feature. Structure is documented below.
securityGroup (string)
The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.
binaryAuthorization (array)
Configuration options for the Binary Authorization feature. Structure is documented below.
enabled (boolean)
(DEPRECATED) Enable Binary Authorization for this cluster. Deprecated in favor of evaluation_mode.
evaluationMode (string)
Mode of operation for Binary Authorization policy evaluation. Valid values are DISABLED and PROJECT_SINGLETON_POLICY_ENFORCE. PROJECT_SINGLETON_POLICY_ENFORCE is functionally equivalent to the deprecated enable_binary_authorization parameter being set to true.
clusterAutoscaling (array)
Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.
autoProvisioningDefaults (array)
Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below.
bootDiskKmsKey (string)
The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
diskSize (number)
Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100
diskType (string)
Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
imageType (string)
The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
management (array)
NodeManagement configuration for this NodePool. Structure is documented below.
autoRepair (boolean)
Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
autoUpgrade (boolean)
Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
upgradeOptions (array)
Specifies the Auto Upgrade knobs for the node pool.
autoUpgradeStartTime (string)
No description provided.
oauthScopes (array)
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
serviceAccount (string)
The service account to be used by the Node VMs. If not specified, the "default" service account is used.
shieldedInstanceConfig (array)
Shielded Instance options. Structure is documented below.
enableIntegrityMonitoring (boolean)
Defines if the instance has integrity monitoring enabled.
enableSecureBoot (boolean)
Defines if the instance has Secure Boot enabled.
upgradeSettings (array)
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
blueGreenSettings (array)
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
nodePoolSoakDuration (string)
Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
standardRolloutPolicy (array)
Standard rollout policy for the blue-green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
batchNodeCount (number)
Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
batchPercentage (number)
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
batchSoakDuration (string)
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
maxSurge (number)
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
maxUnavailable (number)
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
strategy (string)
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
enabled (boolean)
Whether node auto-provisioning is enabled. Must be supplied for GKE Standard clusters, true is implied for autopilot clusters. Resource limits for cpu and memory must be defined to enable node auto-provisioning for GKE Standard.
resourceLimits (array)
Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. Structure is documented below.
maximum (number)
Maximum amount of the resource in the cluster.
minimum (number)
Minimum amount of the resource in the cluster.
resourceType (string)
The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.
clusterIpv4Cidr (string)
The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.
confidentialNodes (array)
Configuration for the Confidential Nodes feature. Structure is documented below.
enabled (boolean)
Enable Confidential Nodes for this cluster.
costManagementConfig (array)
Configuration for the Cost Allocation feature. Structure is documented below.
enabled (boolean)
Whether to enable the cost allocation feature.
databaseEncryption (array)
Structure is documented below.
keyName (string)
The key to use to encrypt/decrypt secrets. See the DatabaseEncryption definition for more information.
state (string)
ENCRYPTED or DECRYPTED
datapathProvider (string)
The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.
defaultMaxPodsPerNode (number)
The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled. See the official documentation for more information.
defaultSnatStatus (array)
GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster. See the API doc. Structure is documented below.
disabled (boolean)
Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled. When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.
dnsConfig (array)
Configuration for Using Cloud DNS for GKE. Structure is documented below.
clusterDns (string)
Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.
clusterDnsDomain (string)
The suffix used for all cluster service records.
clusterDnsScope (string)
The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.
enableAutopilot (boolean)
Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features.
enableBinaryAuthorization (boolean)
(DEPRECATED) Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization. Deprecated in favor of binary_authorization.
enableIntranodeVisibility (boolean)
Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.
enableKubernetesAlpha (boolean)
Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.
enableL4IlbSubsetting (boolean)
Whether L4ILB Subsetting is enabled for this cluster.
enableLegacyAbac (boolean)
Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.
enableShieldedNodes (boolean)
Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.
enableTpu (boolean)
Whether to enable Cloud TPU resources in this cluster. See the official documentation.
endpoint (string)
The IP address of this cluster's Kubernetes master.
gatewayApiConfig (array)
Configuration for GKE Gateway API controller. Structure is documented below.
channel (string)
Which Gateway API channel should be used. CHANNEL_DISABLED or CHANNEL_STANDARD.
id (string)
An identifier for the resource with format projects/project/locations/zone/clusters/name.
initialNodeCount (number)
The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
ipAllocationPolicy (array)
Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.
clusterIpv4CidrBlock (string)
The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC 1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
clusterSecondaryRangeName (string)
The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.
servicesIpv4CidrBlock (string)
The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC 1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.
servicesSecondaryRangeName (string)
The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.
labelFingerprint (string)
The fingerprint of the set of labels for this cluster.
location (string)
The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.
loggingConfig (array)
Logging configuration for the cluster. Structure is documented below.
enableComponents (array)
The GKE components exposing logs. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.
loggingService (string)
The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.
maintenancePolicy (array)
The maintenance policy to use for the cluster. Structure is documented below.
dailyMaintenanceWindow (array)
Structure is documented below.
duration (string)
Duration of the time window, automatically chosen to be smallest possible in the given scenario. Duration will be in RFC 3339 format "PTnHnMnS".
startTime (string)
No description provided.
maintenanceExclusion (array)
Structure is documented below.
endTime (string)
No description provided.
exclusionName (string)
The name of the cluster, unique within the project and location.
exclusionOptions (array)
MaintenanceExclusionOptions provides maintenance exclusion related options.
scope (string)
The scope of automatic upgrades to restrict in the exclusion window. One of: NO_UPGRADES | NO_MINOR_UPGRADES | NO_MINOR_OR_NODE_UPGRADES
startTime (string)
No description provided.
recurringWindow (array)
Structure is documented below.
endTime (string)
No description provided.
recurrence (string)
No description provided.
startTime (string)
No description provided.
masterAuth (array)
The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.
clientCertificate (string)
Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.
clientCertificateConfig (array)
Whether client certificate authorization is enabled for this cluster. For example:
issueClientCertificate (boolean)
No description provided.
clusterCaCertificate (string)
Base64 encoded public certificate that is the root certificate of the cluster.
masterAuthorizedNetworksConfig (array)
The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). Structure is documented below.
cidrBlocks (array)
External networks that can access the Kubernetes cluster master through HTTPS.
cidrBlock (string)
External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.
displayName (string)
Field for users to identify CIDR blocks.
gcpPublicCidrsAccessEnabled (boolean)
Whether Kubernetes master is accessible via Google Compute Engine Public IPs.
masterVersion (string)
The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.
meshCertificates (array)
Structure is documented below.
enableCertificates (boolean)
Controls the issuance of workload mTLS certificates. It is enabled by default. Workload Identity is required, see workload_config.
minMasterVersion (string)
The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). If you intend to specify versions manually, the docs describe the various acceptable formats for this field.
monitoringConfig (array)
Monitoring configuration for the cluster. Structure is documented below.
enableComponents (array)
The GKE components exposing metrics. Supported values include: SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, and SCHEDULER. In beta provider, WORKLOADS is supported on top of those 4 values. (WORKLOADS is deprecated and removed in GKE 1.24.)
managedPrometheus (array)
Configuration for Managed Service for Prometheus. Structure is documented below.
enabled (boolean)
Whether Managed Service for Prometheus is enabled.
monitoringService (string)
The monitoring service that the cluster should write metrics to. Automatically sends metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.
network (string)
The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.
networkPolicy (array)
Configuration options for the NetworkPolicy feature. Structure is documented below.
enabled (boolean)
Whether network policy is enabled on the cluster.
provider (string)
The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.
networkingMode (string)
Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing, and requires the ip_allocation_policy block to be defined. By default, when this field is unspecified and no ip_allocation_policy blocks are set, GKE will create a ROUTES-based cluster.
nodeConfig (array)
Parameters used in creating the default node pool. Structure is documented below.
bootDiskKmsKey (string)
The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
diskSizeGb (number)
Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
diskType (string)
Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
gcfsConfig (array)
Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. Structure is documented below.
enabled (boolean)
Whether GCFS is enabled on the node pool.
guestAccelerator (array)
List of the type and count of accelerator cards attached to the instance. Structure is documented below. This field is an Attribute as Block.
count (number)
The number of the guest accelerator cards exposed to this instance.
gpuPartitionSize (string)
Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
gpuSharingConfig (array)
Configuration for GPU sharing. Structure is documented below.
gpuSharingStrategy (string)
The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
maxSharedClientsPerGpu (number)
The maximum number of containers that can share a GPU.
type (string)
The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
gvnic (array)
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
imageType (string)
The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
kubeletConfig (array)
Kubelet configuration, currently supported attributes can be found here. Structure is documented below.
cpuCfsQuota (boolean)
If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
cpuCfsQuotaPeriod (string)
The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
cpuManagerPolicy (string)
The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.
podPidsLimit (number)
Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
labels (object)
The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
additionalProperties (string)
No description provided.
linuxNodeConfig (array)
Linux node configuration; currently supported attributes can be found here. Note that all validations happen server side. All attributes are optional. Structure is documented below.
sysctls (object)
The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.
additionalProperties (string)
No description provided.
localSsdCount (number)
The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
loggingVariant (string)
wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
machineType (string)
The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
nodeGroup (string)
Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
oauthScopes (array)
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
preemptible (boolean)
A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
reservationAffinity (array)
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
consumeReservationType (string)
The type of reservation consumption. Accepted values are:
key (string)
Key for taint.
resourceLabels (object)
The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
additionalProperties (string)
No description provided.
serviceAccount (string)
The service account to be used by the Node VMs. If not specified, the "default" service account is used.
shieldedInstanceConfig (array)
Shielded Instance options. Structure is documented below.
enableIntegrityMonitoring (boolean)
Defines if the instance has integrity monitoring enabled.
enableSecureBoot (boolean)
Defines if the instance has Secure Boot enabled.
spot (boolean)
A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
taint (array)
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
effect (string)
Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
key (string)
Key for taint.
value (string)
Value for taint.
nodeLocations (array)
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
nodePool (array)
List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the google_container_node_pool resource instead of this property.
autoscaling (array)
No description provided.
locationPolicy (string)
No description provided.
maxNodeCount (number)
No description provided.
minNodeCount (number)
No description provided.
totalMaxNodeCount (number)
No description provided.
totalMinNodeCount (number)
No description provided.
initialNodeCount (number)
The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.
instanceGroupUrls (array)
No description provided.
managedInstanceGroupUrls (array)
No description provided.
management (array)
NodeManagement configuration for this NodePool. Structure is documented below.
autoRepair (boolean)
Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
autoUpgrade (boolean)
Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
maxPodsPerNode (number)
No description provided.
name (string)
The name of the cluster, unique within the project and location.
namePrefix (string)
No description provided.
networkConfig (array)
No description provided.
createPodRange (boolean)
No description provided.
enablePrivateNodes (boolean)
Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
podIpv4CidrBlock (string)
No description provided.
podRange (string)
No description provided.
nodeConfig (array)
Parameters used in creating the default node pool. Structure is documented below.
bootDiskKmsKey (string)
The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
diskSizeGb (number)
Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
diskType (string)
Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-standard'
gcfsConfig (array)
The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
guestAccelerator (array)
List of the type and count of accelerator cards attached to the instance. Structure documented below. This field is an Attribute as Block.
count (number)
The number of the guest accelerator cards exposed to this instance.
gpuPartitionSize (string)
Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
gpuSharingConfig (array)
Configuration for GPU sharing. Structure is documented below.
gpuSharingStrategy (string)
The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
maxSharedClientsPerGpu (number)
The maximum number of containers that can share a GPU.
type (string)
The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
gvnic (array)
Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image and GKE node version 1.15.11-gke.15 or later. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
imageType (string)
The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
kubeletConfig (array)
Kubelet configuration, currently supported attributes can be found here. Structure is documented below.
cpuCfsQuota (boolean)
If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
cpuCfsQuotaPeriod (string)
The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
cpuManagerPolicy (string)
The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". Defaults to none when kubelet_config is unset.
podPidsLimit (number)
Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
labels (object)
The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
additionalProperties (string)
No description provided.
linuxNodeConfig (array)
Linux node configuration; currently supported attributes can be found here. Note that all validations happen server side. All attributes are optional. Structure is documented below.
sysctls (object)
The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value.
additionalProperties (string)
No description provided.
localSsdCount (number)
The number of local SSD disks that will be attached to each cluster node. Defaults to 0.
loggingVariant (string)
The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
machineType (string)
The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
nodeGroup (string)
Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
oauthScopes (array)
The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.
preemptible (boolean)
A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
reservationAffinity (array)
The configuration of the desired reservation which instances could take capacity from. Structure is documented below.
consumeReservationType (string)
The type of reservation consumption. Accepted values are:
key (string)
Key for taint.
resourceLabels (object)
The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
additionalProperties (string)
No description provided.
serviceAccount (string)
The service account to be used by the Node VMs. If not specified, the "default" service account is used.
shieldedInstanceConfig (array)
Shielded Instance options. Structure is documented below.
enableIntegrityMonitoring (boolean)
Defines if the instance has integrity monitoring enabled.
enableSecureBoot (boolean)
Defines if the instance has Secure Boot enabled.
spot (boolean)
A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
taint (array)
A list of Kubernetes taints to apply to nodes. GKE's API can only set this field on cluster creation. However, GKE will add taints to your nodes if you enable certain features such as GPUs. Taint values can be updated safely in Kubernetes (e.g. through kubectl), and it's recommended that you do not use this field to manage taints. If you do, lifecycle.ignore_changes is recommended. Structure is documented below.
effect (string)
Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.
key (string)
Key for taint.
value (string)
Value for taint.
nodeCount (number)
No description provided.
nodeLocations (array)
The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.
placementPolicy (array)
No description provided.
type (string)
The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
upgradeSettings (array)
Specifies the upgrade settings for NAP created node pools. Structure is documented below.
blueGreenSettings (array)
Settings for blue-green upgrade strategy. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
nodePoolSoakDuration (string)
Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
standardRolloutPolicy (array)
green upgrade. To be specified when strategy is set to BLUE_GREEN. Structure is documented below.
batchNodeCount (number)
Number of blue nodes to drain in a batch. Only one of the batch_percentage or batch_node_count can be specified.
batchPercentage (number)
Percentage of the blue pool nodes to drain in a batch. The range of this field should be (0.0, 1.0). Only one of the batch_percentage or batch_node_count can be specified.
batchSoakDuration (string)
Soak time after each batch gets drained. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
maxSurge (number)
The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
maxUnavailable (number)
The maximum number of nodes that can be simultaneously unavailable during the upgrade process. To be used when strategy is set to SURGE. Default is 0.
strategy (string)
Strategy used for node pool update. Strategy can only be one of BLUE_GREEN or SURGE. The default value is SURGE.
version (string)
No description provided.
nodePoolDefaults (array)
Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.
nodeConfigDefaults (array)
Subset of NodeConfig message that has defaults.
loggingVariant (string)
The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information.
nodeVersion (string)
The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. To update nodes in other node pools, use the version attribute on the node pool.
notificationConfig (array)
Configuration for the cluster upgrade notifications feature. Structure is documented below.
pubsub (array)
The pubsub config for the cluster's upgrade notifications.
enabled (boolean)
Whether or not the notification config is enabled.
filter (array)
Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Structure is documented below.
eventType (array)
Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. See Filtering notifications for more details.
topic (string)
The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/project/topics/topic.
operation (string)
No description provided.
privateClusterConfig (array)
Configuration for private clusters, clusters with private nodes. Structure is documented below.
enablePrivateEndpoint (boolean)
When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable_private_nodes is true.
enablePrivateNodes (boolean)
Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.
masterGlobalAccessConfig (array)
Controls cluster master global access settings. Structure is documented below.
enabled (boolean)
Whether the cluster master is accessible globally or not.
masterIpv4CidrBlock (string)
The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.
peeringName (string)
The name of the peering between this cluster and the Google owned VPC.
privateEndpoint (string)
The internal IP address of this cluster's master endpoint.
privateEndpointSubnetwork (string)
Subnetwork in cluster's network where master's endpoint will be provisioned.
publicEndpoint (string)
The external IP address of this cluster's master endpoint.
privateIpv6GoogleAccess (string)
The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).
project (string)
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
releaseChannel (array)
Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Selecting a new release channel for more details; the google_container_engine_versions datasource can provide the default version for a channel. Instead, use the "UNSPECIFIED" channel. Structure is documented below.
channel (string)
The selected release channel. Accepted values are:
removeDefaultNodePool (boolean)
If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.
resourceLabels (object)
The GCE resource labels (a map of key/value pairs) to be applied to the cluster.
additionalProperties (string)
No description provided.
resourceUsageExportConfig (array)
Configuration for the ResourceUsageExportConfig feature. Structure is documented below.
bigqueryDestination (array)
Parameters for using BigQuery as the destination of resource usage export.
datasetId (string)
The ID of a BigQuery Dataset. For Example:
enableNetworkEgressMetering (boolean)
Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
enableResourceConsumptionMetering (boolean)
Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.
selfLink (string)
The server-defined URL for the resource.
serviceExternalIpsConfig (array)
Structure is documented below.
enabled (boolean)
Controls whether external ips specified by a service will be allowed. It is enabled by default.
servicesIpv4Cidr (string)
The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
subnetwork (string)
The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.
tpuIpv4CidrBlock (string)
The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).
verticalPodAutoscaling (array)
Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.
enabled (boolean)
Enables vertical pod autoscaling
workloadIdentityConfig (array)
Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.
workloadPool (string)
The workload pool to attach all Kubernetes service accounts to.
conditions (array)
Conditions of the resource.
lastTransitionTime (string)
LastTransitionTime is the last time this condition transitioned from one status to another.
message (string)
A Message containing details about this condition's last transition from one status to another, if any.
reason (string)
A Reason for this condition's last transition from one status to another.
status (string)
Status of this condition; is it currently True, False, or Unknown?
type (string)
Type of this condition. At most one of each condition type may apply to a resource at any point in time.