Kubernetes Engine V1beta1 API - Module Google::Cloud::Container::V1beta1::WorkloadMetadataConfig::NodeMetadata (v0.19.0)

Reference documentation and code samples for the Kubernetes Engine V1beta1 API module Google::Cloud::Container::V1beta1::WorkloadMetadataConfig::NodeMetadata.

NodeMetadata configures whether and how node metadata is exposed to workloads running on the node.

Constants

UNSPECIFIED

value: 0
Not set.

SECURE

value: 1
Prevent workloads not in hostNetwork from accessing certain VM metadata, specifically kube-env, which contains Kubelet credentials, and the instance identity token.

Metadata concealment is a temporary security solution available while the bootstrapping process for cluster nodes is being redesigned with significant security improvements. This feature is scheduled to be deprecated in the future and later removed.

EXPOSE

value: 2
Expose all VM metadata to pods.

GKE_METADATA_SERVER

value: 3
Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if Workload Identity is enabled at the cluster level.
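
The following added example (not part of the google-cloud-container gem or its documentation) audits node pools against the four modes described above. The enum values are taken from this page; the cluster hash layout, the `audit_node_metadata` helper, the severity labels and the sample data are assumptions constructed for illustration.

```ruby
# Enum values as listed on this page; everything else here is hypothetical.
NODE_METADATA = { 0 => :UNSPECIFIED, 1 => :SECURE, 2 => :EXPOSE,
                  3 => :GKE_METADATA_SERVER }.freeze

# Returns [severity, pool_name, message] findings for one cluster description.
def audit_node_metadata(cluster)
  findings = []
  cluster[:node_pools].each do |pool|
    name = pool[:name]
    case NODE_METADATA[pool[:node_metadata]]
    when :EXPOSE
      findings << [:high, name, "all VM metadata is exposed to pods"]
    when :UNSPECIFIED
      findings << [:medium, name, "NodeMetadata is not set"]
    when :SECURE
      findings << [:low, name, "metadata concealment is scheduled for deprecation"]
      # Concealment only covers workloads that are not in hostNetwork.
      (pool[:pods] || []).select { |p| p[:host_network] }.each do |p|
        findings << [:medium, name, "pod #{p[:name]} uses hostNetwork; concealment does not apply"]
      end
    when :GKE_METADATA_SERVER
      # Valid only when Workload Identity is enabled at the cluster level.
      unless cluster[:workload_identity_enabled]
        findings << [:high, name, "GKE_METADATA_SERVER set without cluster-level Workload Identity"]
      end
    else
      findings << [:medium, name, "unknown NodeMetadata value #{pool[:node_metadata].inspect}"]
    end
  end
  findings
end

# Constructed sample input (not real cluster data).
SAMPLE_CLUSTER = {
  workload_identity_enabled: false,
  node_pools: [
    { name: "pool-a", node_metadata: 2, pods: [] },
    { name: "pool-b", node_metadata: 1,
      pods: [{ name: "web", host_network: false },
             { name: "node-agent", host_network: true }] },
    { name: "pool-c", node_metadata: 3, pods: [] },
    { name: "pool-d", node_metadata: 0, pods: [] }
  ]
}.freeze

audit_node_metadata(SAMPLE_CLUSTER).each do |sev, pool, msg|
  puts "#{sev.to_s.upcase.ljust(6)} #{pool}: #{msg}"
end
```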