Class NodeMetadata (2.32.0)


NodeMetadata configures whether and how node metadata is exposed to the workload running on the node.

Values:

UNSPECIFIED (0): Not set.

SECURE (1): Prevent workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token. Metadata concealment is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements. This feature is scheduled to be deprecated in the future and later removed.

EXPOSE (2): Expose all VM metadata to pods.

GKE_METADATA_SERVER (3): Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.
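
An added example, not part of the client library or this reference page: a small audit that grades each node pool of a cluster by its NodeMetadata value, including the rule that GKE_METADATA_SERVER needs cluster-level Workload Identity. The JSON field names (`nodePools`, `config.workloadMetadataConfig.nodeMetadata`, `workloadIdentityConfig.workloadPool`) and the sample cluster are assumptions constructed for illustration.

```python
import json

# Constructed sample: a trimmed cluster description in the JSON shape the
# GKE API uses (field names are an assumption of this example).
SAMPLE = json.loads("""
{
  "name": "demo-cluster",
  "workloadIdentityConfig": {},
  "nodePools": [
    {"name": "legacy", "config": {"workloadMetadataConfig": {"nodeMetadata": "EXPOSE"}}},
    {"name": "concealed", "config": {"workloadMetadataConfig": {"nodeMetadata": "SECURE"}}},
    {"name": "wi", "config": {"workloadMetadataConfig": {"nodeMetadata": "GKE_METADATA_SERVER"}}},
    {"name": "default", "config": {}}
  ]
}
""")

def audit_node_metadata(cluster):
    """Map each node pool name to (severity, NodeMetadata value, reason)."""
    wi = cluster.get("workloadIdentityConfig") or {}
    wi_enabled = bool(wi.get("workloadPool"))
    report = {}
    for pool in cluster.get("nodePools", []):
        wmc = (pool.get("config") or {}).get("workloadMetadataConfig") or {}
        value = wmc.get("nodeMetadata", "UNSPECIFIED")  # absent field means not set
        if value == "GKE_METADATA_SERVER":
            # Only valid when Workload Identity is enabled at the cluster level.
            sev, why = ("ok", "GKE Metadata Server") if wi_enabled else (
                "fail", "requires cluster-level Workload Identity")
        elif value == "SECURE":
            sev, why = "warn", "concealment is temporary; hostNetwork pods are not covered"
        elif value == "EXPOSE":
            sev, why = "fail", "all VM metadata, including kube-env, is exposed to pods"
        elif value == "UNSPECIFIED":
            sev, why = "warn", "not set; no concealment was requested"
        else:
            sev, why = "fail", "unrecognised NodeMetadata value"
        report[pool["name"]] = (sev, value, why)
    return report

if __name__ == "__main__":
    for name, (sev, value, why) in audit_node_metadata(SAMPLE).items():
        print(f"{sev:4} {name:10} {value:20} {why}")
```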