- NAME
-
- gcloud container aws clusters create - create an Anthos cluster on AWS
- SYNOPSIS
-
-
gcloud container aws clusters create
(CLUSTER
:--location
=LOCATION
)--aws-region
=AWS_REGION
--cluster-version
=CLUSTER_VERSION
--config-encryption-kms-key-arn
=CONFIG_ENCRYPTION_KMS_KEY_ARN
--database-encryption-kms-key-arn
=DATABASE_ENCRYPTION_KMS_KEY_ARN
--fleet-project
=FLEET_PROJECT
--iam-instance-profile
=IAM_INSTANCE_PROFILE
--pod-address-cidr-blocks
=POD_ADDRESS_CIDR_BLOCKS
--role-arn
=ROLE_ARN
--service-address-cidr-blocks
=SERVICE_ADDRESS_CIDR_BLOCKS
--subnet-ids
=[SUBNET_ID
,…]--vpc-id
=VPC_ID
[--admin-groups
=[GROUP
,…]] [--admin-users
=USER
,[USER
,…]] [--annotations
=ANNOTATION
,[ANNOTATION
,…]] [--async
] [--binauthz-evaluation-mode
=BINAUTHZ_EVALUATION_MODE
] [--description
=DESCRIPTION
] [--disable-per-node-pool-sg-rules
] [--enable-managed-prometheus
] [--instance-type
=INSTANCE_TYPE
] [--logging
=COMPONENT
,[COMPONENT
,…]] [--main-volume-iops
=MAIN_VOLUME_IOPS
] [--main-volume-kms-key-arn
=MAIN_VOLUME_KMS_KEY_ARN
] [--main-volume-size
=MAIN_VOLUME_SIZE
] [--main-volume-throughput
=MAIN_VOLUME_THROUGHPUT
] [--main-volume-type
=MAIN_VOLUME_TYPE
] [--role-session-name
=ROLE_SESSION_NAME
] [--root-volume-iops
=ROOT_VOLUME_IOPS
] [--root-volume-kms-key-arn
=ROOT_VOLUME_KMS_KEY_ARN
] [--root-volume-size
=ROOT_VOLUME_SIZE
] [--root-volume-throughput
=ROOT_VOLUME_THROUGHPUT
] [--root-volume-type
=ROOT_VOLUME_TYPE
] [--security-group-ids
=[SECURITY_GROUP_ID
,…]] [--ssh-ec2-key-pair
=SSH_EC2_KEY_PAIR
] [--tags
=TAG
,[TAG
,…]] [--validate-only
] [--proxy-secret-arn
=PROXY_SECRET_ARN
--proxy-secret-version-id
=PROXY_SECRET_VERSION_ID
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
- Create an Anthos cluster on AWS.
- EXAMPLES
-
To create a cluster named
managed in locationmy-cluster
, run:us-west1
gcloud container aws clusters create my-cluster --location=us-west1 --aws-region=AWS_REGION --cluster-version=CLUSTER_VERSION --database-encryption-kms-key-arn=KMS_KEY_ARN --iam-instance-profile=IAM_INSTANCE_PROFILE --pod-address-cidr-blocks=POD_ADDRESS_CIDR_BLOCKS --role-arn=ROLE_ARN --service-address-cidr-blocks=SERVICE_ADDRESS_CIDR_BLOCKS --subnet-ids=SUBNET_ID --vpc-id=VPC_ID
- POSITIONAL ARGUMENTS
-
-
Cluster resource - cluster to create. The arguments in this group can be used to
specify the attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
To set the
project
attribute:-
provide the argument
cluster
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
This must be specified.
CLUSTER
-
ID of the cluster or fully qualified identifier for the cluster.
To set the
cluster
attribute:-
provide the argument
cluster
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location
=LOCATION
-
Google Cloud location for the cluster.
To set the
location
attribute:-
provide the argument
cluster
on the command line with a fully specified name; -
provide the argument
--location
on the command line; -
set the property
container_aws/location
.
-
provide the argument
-
provide the argument
-
Cluster resource - cluster to create. The arguments in this group can be used to
specify the attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
- REQUIRED FLAGS
-
--aws-region
=AWS_REGION
- AWS region to deploy the cluster.
--cluster-version
=CLUSTER_VERSION
- Kubernetes version to use for the cluster.
--config-encryption-kms-key-arn
=CONFIG_ENCRYPTION_KMS_KEY_ARN
- Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data.
--database-encryption-kms-key-arn
=DATABASE_ENCRYPTION_KMS_KEY_ARN
- Amazon Resource Name (ARN) of the AWS KMS key to encrypt the cluster secrets.
--fleet-project
=FLEET_PROJECT
- ID or number of the Fleet host project where the cluster is registered.
--iam-instance-profile
=IAM_INSTANCE_PROFILE
- Name or ARN of the IAM instance profile associated with the cluster.
--pod-address-cidr-blocks
=POD_ADDRESS_CIDR_BLOCKS
- IP address range for the pods in this cluster in CIDR notation (e.g. 10.0.0.0/8).
--role-arn
=ROLE_ARN
- Amazon Resource Name (ARN) of the IAM role to assume when managing AWS resources.
--service-address-cidr-blocks
=SERVICE_ADDRESS_CIDR_BLOCKS
- IP address range for the services IPs in CIDR notation (e.g. 10.0.0.0/8).
--subnet-ids
=[SUBNET_ID
,…]- Subnet ID of an existing VNET to use for the cluster control plane.
--vpc-id
=VPC_ID
- VPC associated with the cluster.
- OPTIONAL FLAGS
-
--admin-groups
=[GROUP
,…]- Groups of users that can perform operations as a cluster administrator.
--admin-users
=USER
,[USER
,…]- Users that can perform operations as a cluster administrator. If not specified, the value of property core/account is used.
--annotations
=ANNOTATION
,[ANNOTATION
,…]- Annotations for the cluster.
--async
- Return immediately, without waiting for the operation in progress to complete.
--binauthz-evaluation-mode
=BINAUTHZ_EVALUATION_MODE
-
Set Binary Authorization evaluation mode for this cluster.
BINAUTHZ_EVALUATION_MODE
must be one of:DISABLED
,PROJECT_SINGLETON_POLICY_ENFORCE
. --description
=DESCRIPTION
- Description for the cluster.
--disable-per-node-pool-sg-rules
- Disable the default per node pool subnet security group rules on the control plane security group. When disabled, at least one security group that allows node pools to send traffic to the control plane on ports TCP/443 and TCP/8132 must be provided.
--enable-managed-prometheus
-
Enables managed collection for Managed Service for Prometheus in the cluster.
See https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed#enable-mgdcoll-gke for more info.
Managed Prometheus is enabled by default for cluster versions 1.27 or greater, use --no-enable-managed-prometheus to disable.
--instance-type
=INSTANCE_TYPE
- AWS EC2 instance type for the control plane's nodes.
--logging
=COMPONENT
,[COMPONENT
,…]-
Set the components that have logging enabled.
Examples:
gcloud container aws clusters create --logging=SYSTEM
gcloud container aws clusters create --logging=SYSTEM,WORKLOAD
COMPONENT
must be one of:SYSTEM
,WORKLOAD
. --main-volume-iops
=MAIN_VOLUME_IOPS
- Number of I/O operations per second (IOPS) to provision for the main volume.
--main-volume-kms-key-arn
=MAIN_VOLUME_KMS_KEY_ARN
- Amazon Resource Name (ARN) of the AWS KMS key to encrypt the main volume.
--main-volume-size
=MAIN_VOLUME_SIZE
-
Size of the main volume. The value must be a whole number followed by a size
unit of
GB
for gigabyte, orTB
for terabyte. If no size unit is specified, GB is assumed. --main-volume-throughput
=MAIN_VOLUME_THROUGHPUT
- Throughput to provision for the main volume, in MiB/s. Only valid if the volume type is GP3. If volume type is GP3 and throughput is not provided, it defaults to 125.
--main-volume-type
=MAIN_VOLUME_TYPE
-
Type of the main volume.
MAIN_VOLUME_TYPE
must be one of:gp2
,gp3
. --role-session-name
=ROLE_SESSION_NAME
- Identifier for the assumed role session.
--root-volume-iops
=ROOT_VOLUME_IOPS
- Number of I/O operations per second (IOPS) to provision for the root volume.
--root-volume-kms-key-arn
=ROOT_VOLUME_KMS_KEY_ARN
- Amazon Resource Name (ARN) of the AWS KMS key to encrypt the root volume.
--root-volume-size
=ROOT_VOLUME_SIZE
-
Size of the root volume. The value must be a whole number followed by a size
unit of
GB
for gigabyte, orTB
for terabyte. If no size unit is specified, GB is assumed. --root-volume-throughput
=ROOT_VOLUME_THROUGHPUT
- Throughput to provision for the root volume, in MiB/s. Only valid if the volume type is GP3. If volume type is GP3 and throughput is not provided, it defaults to 125.
--root-volume-type
=ROOT_VOLUME_TYPE
-
Type of the root volume.
ROOT_VOLUME_TYPE
must be one of:gp2
,gp3
. --security-group-ids
=[SECURITY_GROUP_ID
,…]- IDs of additional security groups to add to the control plane's nodes.
--ssh-ec2-key-pair
=SSH_EC2_KEY_PAIR
- Name of the EC2 key pair authorized to login to the control plane's nodes.
-
Applies the given tags (comma separated) on the cluster. Example:
gcloud container aws clusters create EXAMPLE_CLUSTER --tags=tag1=one,tag2=two
--validate-only
- Validate the cluster to create, but don't actually perform it.
-
Proxy config
--proxy-secret-arn
=PROXY_SECRET_ARN
-
ARN of the AWS Secrets Manager secret that contains a proxy configuration.
This flag argument must be specified if any of the other arguments in this group are specified.
--proxy-secret-version-id
=PROXY_SECRET_VERSION_ID
-
Version ID string of the AWS Secrets Manager secret that contains a proxy
configuration.
This flag argument must be specified if any of the other arguments in this group are specified.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This variant is also available:
gcloud alpha container aws clusters create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-01-22 UTC.