
Class Cluster

Manages a Google Kubernetes Engine (GKE) cluster. For more information see the official documentation and the API reference.

Note: All arguments and attributes, including basic auth usernames and passwords as well as certificate outputs, will be stored in the raw state as plaintext. Read more about secrets in state.

Example Usage - with the default node pool

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
    public MyStack()
    {
        var primary = new Gcp.Container.Cluster("primary", new Gcp.Container.ClusterArgs
        {
            InitialNodeCount = 3,
            Location = "us-central1-a",
            MasterAuth = new Gcp.Container.Inputs.ClusterMasterAuthArgs
            {
                ClientCertificateConfig = new Gcp.Container.Inputs.ClusterMasterAuthClientCertificateConfigArgs
                {
                    // Do not issue a client certificate for the cluster.
                    IssueClientCertificate = false,
                },
                // Empty username and password disable basic authentication.
                Password = "",
                Username = "",
            },
            NodeConfig = new Gcp.Container.Inputs.ClusterNodeConfigArgs
            {
                Labels =
                {
                    { "foo", "bar" },
                },
                Metadata =
                {
                    // Turn off the legacy Compute Engine metadata endpoints on the nodes.
                    { "disable-legacy-endpoints", "true" },
                },
                OauthScopes =
                {
                    "https://www.googleapis.com/auth/logging.write",
                    "https://www.googleapis.com/auth/monitoring",
                },
                Tags =
                {
                    "foo",
                    "bar",
                },
            },
        });
    }
}
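
Example Usage - hardened settings (added example, not part of the original Pulumi documentation)

This sketch sets the security-relevant properties documented on this page explicitly and marks the masterAuth output as secret so that it is encrypted in the Pulumi state rather than stored as plaintext. The stack name, resource name and location are constructed for illustration; AdditionalSecretOutputs is a standard Pulumi resource option that this page does not itself describe.

```csharp
using Pulumi;
using Gcp = Pulumi.Gcp;

class HardenedStack : Stack
{
    public HardenedStack()
    {
        var cluster = new Gcp.Container.Cluster("hardened", new Gcp.Container.ClusterArgs
        {
            // A region gives a regional cluster with multiple masters.
            Location = "us-central1",

            // Delete the default node pool at creation; nodes are then managed
            // through separate gcp.container.NodePool resources.
            RemoveDefaultNodePool = true,
            InitialNodeCount = 1,

            // Keep authorization on RBAC and IAM only (no static ABAC grants).
            EnableLegacyAbac = false,
            // Shielded Nodes default to false, so enable them explicitly.
            EnableShieldedNodes = true,
            // Validate all container images with Binary Authorization.
            EnableBinaryAuthorization = true,
            // Alpha clusters cannot be upgraded and are deleted after 30 days.
            EnableKubernetesAlpha = false,

            // Never "none": keep logs and metrics flowing for detection and response.
            LoggingService = "logging.googleapis.com/kubernetes",
            MonitoringService = "monitoring.googleapis.com/kubernetes",

            MasterAuth = new Gcp.Container.Inputs.ClusterMasterAuthArgs
            {
                ClientCertificateConfig = new Gcp.Container.Inputs.ClusterMasterAuthClientCertificateConfigArgs
                {
                    IssueClientCertificate = false,
                },
                // Empty values disable basic authentication.
                Password = "",
                Username = "",
            },
        }, new CustomResourceOptions
        {
            // Encrypt the master_auth block (certificates, credentials) in state.
            AdditionalSecretOutputs = { "masterAuth" },
        });

        Endpoint = cluster.Endpoint;
    }

    // Exported so that other stacks or tooling can read the master address.
    [Output] public Output<string> Endpoint { get; set; }
}
```
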
Inheritance
System.Object
Resource
CustomResource
Cluster
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Gcp.Container
Assembly: Pulumi.Gcp.dll
Syntax
public class Cluster : CustomResource

Constructors


Cluster(String, ClusterArgs, CustomResourceOptions)

Create a Cluster resource with the given unique name, arguments, and options.

Declaration
public Cluster(string name, ClusterArgs args = null, CustomResourceOptions options = null)
Parameters
Type                    Name     Description
System.String           name     The unique name of the resource
ClusterArgs             args     The arguments used to populate this resource's properties
CustomResourceOptions   options  A bag of options that control this resource's behavior

Properties


AddonsConfig

The configuration for addons supported by GKE. Structure is documented below.

Declaration
public Output<ClusterAddonsConfig> AddonsConfig { get; }
Property Value
Type Description
Output<ClusterAddonsConfig>

AuthenticatorGroupsConfig

Configuration for the Google Groups for GKE feature. Structure is documented below.

Declaration
public Output<ClusterAuthenticatorGroupsConfig> AuthenticatorGroupsConfig { get; }
Property Value
Type Description
Output<ClusterAuthenticatorGroupsConfig>

ClusterAutoscaling

Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details. Structure is documented below.

Declaration
public Output<ClusterClusterAutoscaling> ClusterAutoscaling { get; }
Property Value
Type Description
Output<ClusterClusterAutoscaling>

ClusterIpv4Cidr

The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

Declaration
public Output<string> ClusterIpv4Cidr { get; }
Property Value
Type Description
Output<System.String>

DatabaseEncryption

. Structure is documented below.

Declaration
public Output<ClusterDatabaseEncryption> DatabaseEncryption { get; }
Property Value
Type Description
Output<ClusterDatabaseEncryption>

DefaultMaxPodsPerNode

The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters (clusters that don't have IP Aliasing enabled). See the official documentation for more information.

Declaration
public Output<int> DefaultMaxPodsPerNode { get; }
Property Value
Type Description
Output<System.Int32>

Description

Description of the cluster.

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>

EnableBinaryAuthorization

Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

Declaration
public Output<bool?> EnableBinaryAuthorization { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

EnableIntranodeVisibility

Whether intra-node visibility is enabled for this cluster. This makes same-node pod-to-pod traffic visible to the VPC network.

Declaration
public Output<bool?> EnableIntranodeVisibility { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

EnableKubernetesAlpha

Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

Declaration
public Output<bool?> EnableKubernetesAlpha { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

EnableLegacyAbac

Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.

Declaration
public Output<bool?> EnableLegacyAbac { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

EnableShieldedNodes

Enable Shielded Nodes features on all nodes in this cluster. Defaults to false.

Declaration
public Output<bool?> EnableShieldedNodes { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

EnableTpu

Whether to enable Cloud TPU resources in this cluster. See the official documentation.

Declaration
public Output<bool?> EnableTpu { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

Endpoint

The IP address of this cluster's Kubernetes master.

Declaration
public Output<string> Endpoint { get; }
Property Value
Type Description
Output<System.String>

InitialNodeCount

The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using gcp.container.NodePool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

Declaration
public Output<int?> InitialNodeCount { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>

InstanceGroupUrls

List of instance group URLs which have been assigned to the cluster.

Declaration
public Output<ImmutableArray<string>> InstanceGroupUrls { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

IpAllocationPolicy

Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based. Structure is documented below.

Declaration
public Output<ClusterIpAllocationPolicy> IpAllocationPolicy { get; }
Property Value
Type Description
Output<ClusterIpAllocationPolicy>

LabelFingerprint

The fingerprint of the set of labels for this cluster.

Declaration
public Output<string> LabelFingerprint { get; }
Property Value
Type Description
Output<System.String>

Location

The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.

Declaration
public Output<string> Location { get; }
Property Value
Type Description
Output<System.String>

LoggingService

The logging service that the cluster should write logs to. Available options include logging.googleapis.com (Legacy Stackdriver), logging.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.

Declaration
public Output<string> LoggingService { get; }
Property Value
Type Description
Output<System.String>

MaintenancePolicy

The maintenance policy to use for the cluster. Structure is documented below.

Declaration
public Output<ClusterMaintenancePolicy> MaintenancePolicy { get; }
Property Value
Type Description
Output<ClusterMaintenancePolicy>

MasterAuth

The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff removing a username/password or unsetting your client cert, ensure you have the container.clusters.getCredentials permission. Structure is documented below.

Declaration
public Output<ClusterMasterAuth> MasterAuth { get; }
Property Value
Type Description
Output<ClusterMasterAuth>

MasterAuthorizedNetworksConfig

The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).

Declaration
public Output<ClusterMasterAuthorizedNetworksConfig> MasterAuthorizedNetworksConfig { get; }
Property Value
Type Description
Output<ClusterMasterAuthorizedNetworksConfig>

MasterVersion

The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

Declaration
public Output<string> MasterVersion { get; }
Property Value
Type Description
Output<System.String>

MinMasterVersion

The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version). Most users will find the gcp.container.getEngineVersions data source useful - it indicates which versions are available. If you intend to specify versions manually, the docs describe the various acceptable formats for this field.

Declaration
public Output<string> MinMasterVersion { get; }
Property Value
Type Description
Output<System.String>

MonitoringService

The monitoring service that the cluster should write metrics to. Automatically sends metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include monitoring.googleapis.com (Legacy Stackdriver), monitoring.googleapis.com/kubernetes (Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.

Declaration
public Output<string> MonitoringService { get; }
Property Value
Type Description
Output<System.String>

Name

The name of the cluster, unique within the project and location.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

Network

The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

Declaration
public Output<string> Network { get; }
Property Value
Type Description
Output<System.String>

NetworkPolicy

Configuration options for the NetworkPolicy feature. Structure is documented below.

Declaration
public Output<ClusterNetworkPolicy> NetworkPolicy { get; }
Property Value
Type Description
Output<ClusterNetworkPolicy>

NodeConfig

Parameters used in creating the default node pool. Generally, this field should not be used at the same time as a gcp.container.NodePool or a node_pool block; this configuration manages the default node pool, whose use isn't recommended. Structure is documented below.

Declaration
public Output<ClusterNodeConfig> NodeConfig { get; }
Property Value
Type Description
Output<ClusterNodeConfig>

NodeLocations

The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

Declaration
public Output<ImmutableArray<string>> NodeLocations { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

NodePools

List of node pools associated with this cluster. See gcp.container.NodePool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the gcp.container.NodePool resource instead of this property.

Declaration
public Output<ImmutableArray<ClusterNodePool>> NodePools { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<ClusterNodePool>>

NodeVersion

The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as the provider will see spurious diffs when fuzzy versions are used. See the gcp.container.getEngineVersions data source's version_prefix field to approximate fuzzy versions. To update nodes in other node pools, use the version attribute on the node pool.

Declaration
public Output<string> NodeVersion { get; }
Property Value
Type Description
Output<System.String>

Operation

Declaration
public Output<string> Operation { get; }
Property Value
Type Description
Output<System.String>

PodSecurityPolicyConfig

Configuration for the PodSecurityPolicy feature. Structure is documented below.

Declaration
public Output<ClusterPodSecurityPolicyConfig> PodSecurityPolicyConfig { get; }
Property Value
Type Description
Output<ClusterPodSecurityPolicyConfig>

PrivateClusterConfig

Configuration for private clusters (clusters with private nodes). Structure is documented below.

Declaration
public Output<ClusterPrivateClusterConfig> PrivateClusterConfig { get; }
Property Value
Type Description
Output<ClusterPrivateClusterConfig>

Project

The ID of the project to which the resource belongs. If it is not provided, the provider project is used.

Declaration
public Output<string> Project { get; }
Property Value
Type Description
Output<System.String>

ReleaseChannel

Configuration options for the Release channel feature, which provides more control over automatic upgrades of your GKE clusters. When updating this field, GKE imposes specific version requirements. See Migrating between release channels for more details; the gcp.container.getEngineVersions data source can provide the default version for a channel. Note that removing the release_channel field from your config will cause this provider to stop managing your cluster's release channel, but will not unenroll it. Instead, use the "UNSPECIFIED" channel. Structure is documented below.

Declaration
public Output<ClusterReleaseChannel> ReleaseChannel { get; }
Property Value
Type Description
Output<ClusterReleaseChannel>

RemoveDefaultNodePool

If true, deletes the default node pool upon cluster creation. If you're using gcp.container.NodePool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

Declaration
public Output<bool?> RemoveDefaultNodePool { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

ResourceLabels

The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

Declaration
public Output<ImmutableDictionary<string, string>> ResourceLabels { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.String>>

ResourceUsageExportConfig

Configuration for the ResourceUsageExportConfig feature. Structure is documented below.

Declaration
public Output<ClusterResourceUsageExportConfig> ResourceUsageExportConfig { get; }
Property Value
Type Description
Output<ClusterResourceUsageExportConfig>

ServicesIpv4Cidr

The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.

Declaration
public Output<string> ServicesIpv4Cidr { get; }
Property Value
Type Description
Output<System.String>

Subnetwork

The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

Declaration
public Output<string> Subnetwork { get; }
Property Value
Type Description
Output<System.String>

TpuIpv4CidrBlock

The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).

Declaration
public Output<string> TpuIpv4CidrBlock { get; }
Property Value
Type Description
Output<System.String>

VerticalPodAutoscaling

Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below.

Declaration
public Output<ClusterVerticalPodAutoscaling> VerticalPodAutoscaling { get; }
Property Value
Type Description
Output<ClusterVerticalPodAutoscaling>

WorkloadIdentityConfig

Workload Identity allows Kubernetes service accounts to act as a user-managed Google IAM Service Account. Structure is documented below.

Declaration
public Output<ClusterWorkloadIdentityConfig> WorkloadIdentityConfig { get; }
Property Value
Type Description
Output<ClusterWorkloadIdentityConfig>

Methods


Get(String, Input<String>, ClusterState, CustomResourceOptions)

Get an existing Cluster resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Cluster Get(string name, Input<string> id, ClusterState state = null, CustomResourceOptions options = null)
Parameters
Type                    Name     Description
System.String           name     The unique name of the resulting resource.
Input<System.String>    id       The unique provider ID of the resource to look up.
ClusterState            state    Any extra arguments used during the lookup.
CustomResourceOptions   options  A bag of options that control this resource's behavior

Returns
Type Description
Cluster
Copyright 2016-2020, Pulumi Corporation.