Google Cloud Container V1 Client - Class Policy (2.7.0)

Reference documentation and code samples for the Google Cloud Container V1 Client class Policy.

Defines the kernel module loading policy for nodes in the nodepool.

Protobuf type google.container.v1.LinuxNodeConfig.NodeKernelModuleLoading.Policy

Namespace

Google \ Cloud \ Container \ V1 \ LinuxNodeConfig \ NodeKernelModuleLoading

Methods

static::name

Parameter
Name	Description
`value`	`mixed`

static::value

Parameter
Name	Description
`name`	`mixed`

Constants

POLICY_UNSPECIFIED

Value: 0

Default behavior. GKE selects the image based on node type.

For CPU and TPU nodes, the image will not allow loading external kernel modules. For GPU nodes, the image will allow loading any module, whether it is signed or not.

Generated from protobuf enum POLICY_UNSPECIFIED = 0;

ENFORCE_SIGNED_MODULES

Value: 1

Enforced signature verification: Node pools will use a Container-Optimized OS image configured to allow loading of Google-signed external kernel modules.

Loadpin is enabled but configured to exclude modules, and kernel module signature checking is enforced.

Generated from protobuf enum ENFORCE_SIGNED_MODULES = 1;

DO_NOT_ENFORCE_SIGNED_MODULES

Value: 2

Mirrors existing DEFAULT behavior: For CPU and TPU nodes, the image will not allow loading external kernel modules.

For GPU nodes, the image will allow loading any module, whether it is signed or not.

Generated from protobuf enum DO_NOT_ENFORCE_SIGNED_MODULES = 2;